CVE-2018-1271
Vulnerability from cvelistv5
Published
2018-04-06 13:00
Modified
2024-09-16 23:16
Severity ?
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1271Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1271Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103699",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103699"
          },
          {
            "name": "RHSA-2018:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2669"
          },
          {
            "name": "RHSA-2018:2939",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "RHSA-2018:1320",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1271"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 5.0.5 and 4.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 - Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:03",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "103699",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103699"
        },
        {
          "name": "RHSA-2018:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2669"
        },
        {
          "name": "RHSA-2018:2939",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2939"
        },
        {
          "name": "RHSA-2018:1320",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1271"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-05T00:00:00",
          "ID": "CVE-2018-1271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 5.0.5 and 4.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 - Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103699",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103699"
            },
            {
              "name": "RHSA-2018:2669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2669"
            },
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "RHSA-2018:1320",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1320"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1271",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1271"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1271",
    "datePublished": "2018-04-06T13:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-16T23:16:43.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1271\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-04-06T13:29:00.500\",\"lastModified\":\"2024-11-21T03:59:30.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.\"},{\"lang\":\"es\",\"value\":\"Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, permite que las aplicaciones configuren Spring MVC para que sirva recursos est\u00e1ticos (por ejemplo, CSS, JS o im\u00e1genes). Cuando se sirven recursos est\u00e1ticos desde un sistema de archivos en Windows (en contraposici\u00f3n a classpath o a ServletContext), un usuario malicioso puede enviar una petici\u00f3n mediante una URL especialmente manipulada que puede llevar a un ataque de salto de directorio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.15\",\"matchCriteriaId\":\"DD987888-3DB7-4BE3-A830-9F915F3C81DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.5\",\"matchCriteriaId\":\"8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EA8B91-7634-4636-B647-1049BA7CA088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F17843-32EA-4C31-B65C-F424447BEF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00280604-1DC1-4974-BF73-216C5D76FFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0.1\",\"matchCriteriaId\":\"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.1\",\"matchCriteriaId\":\"468931C8-C76A-4E47-BF00-185D85F719C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5312AC7A-3C16-4967-ACA6-317289A749D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.0.4.0\",\"matchCriteriaId\":\"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE12B6A4-E128-41EC-8017-558F50B961BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C4A89F2-713D-4A36-9D28-22748D30E0FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDFABB2C-2FA2-4F83-985B-7FCEAF274418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A609003-8687-40B4-8AC3-06A1534ADE30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027528A-4FE7-4E3C-B2DF-CCCED22128F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A699D02-296B-411E-9658-5893240605D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7036576C-2B1F-413D-B154-2DBF9BFDE7E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.1\",\"matchCriteriaId\":\"E08D4207-DB46-42D6-A8C9-1BE857483B88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641D134E-6C51-4DB8-8554-F6B5222EF479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79B50C2-27C2-4A9C-ACEE-B70015283F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6321F8-7A0A-4DB8-9889-3527023C652A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F8E604-8180-4728-AD2D-7FF034E3E65A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02867DC7-E669-43C0-ACC4-E1CAA8B9994C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBAFA631-C92B-4FF7-8E65-07C67789EBCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9652104A-119D-4327-A937-8BED23C23861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBFA960-D242-43ED-8D4C-A60F01B70740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0513B305-97EF-4609-A82E-D0CDFF9925BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19A0F1AF-F2E6-44E7-8E2D-190E103B72D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D53690D-3390-4A27-988A-709CD89DD05B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C7EEA3-AA72-48DA-A112-2923DBB37773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B5F416-56AE-4DC5-BCFF-49702463E716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE15D64-6F49-4F43-8079-0C7827384C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22847CAE-3C2C-4C2E-9D2E-47DB4091442E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E484D25-1753-42A1-9658-8E9CCE8E3568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FEAFF40-B0C7-4B05-A655-B3F93055FBCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBF4C859-616D-44F9-BE76-589A4E6E8BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20357086-0C32-44B5-A1FA-79283E88FB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AFAE16-B69F-410A-8CE3-1CDD998A8433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8CE753D-A090-47DE-8EF0-8FDE07576E80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BAFB538-A395-4C4D-83F7-CD453C0DFB4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C0CA26F-41D3-433F-9C17-1A4F5066F184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73E2EFA-0F43-4D92-8C7D-9E66811B76D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B27C4D75-3927-4D07-BE16-4204F641A453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A6CF77-09DF-43FD-833A-8DAAE016717A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07630491-0624-4C5C-A858-C5D3CDCD1B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9CA11F-F718-43E5-ADB9-6C348C75E37A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA4DF85-9225-4422-BF10-D7DAE7DCE007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C2A2A4-285B-40A1-B9AD-42219D742DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"632E9828-907F-4F2C-81D5-A74A6DDA2748\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"274999E6-18ED-46F0-8CF2-56374B3DF174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FFEA075-11EB-4E99-92A1-8B2883C64CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21973CDD-D16E-4321-9F8E-67F4264D7C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"959316A8-C3AF-4126-A242-3835ED0AD1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"909A7F73-0164-471B-8EBD-1F70072E9809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CE08DC9-5153-48D6-B23C-68A632FF8FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D4467D-6968-4557-AF61-AFD42B2B48D3\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103699\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1320\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2939\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-1271\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103699\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-1271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.