Find a vulnerability
Search criteria
18 vulnerabilities found for FLEXCUBE Investor Servicing by Oracle
VAR-202005-1051
Vulnerability from variot - Updated: 2026-04-10 22:55Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Apache Ant There is an information leakage vulnerability in.Information may be obtained and tampered with. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. An attacker could exploit this vulnerability to disclose sensitive information. Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability
- Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release
- Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Solution:
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
-
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
-
ant: Insecure temporary file vulnerability (CVE-2020-1945)
-
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
-
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
-
ant: Insecure temporary file (CVE-2020-11979)
-
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:0638
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update fixes the following bugs among others:
-
Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
-
Previously, the
openshift_named_certificatesrole checked the contents of theca-bundle.crtfile during cluster installation. This caused the check to fail during initial installation because theca-bundle.crtfile is not yet created in that scenario. This bug fix allows the cluster to skip checking theca-bundle.crtfile if it does not exist, resulting in initial installations succeeding. (BZ#1920567) -
Previously, if the
openshift_releaseattribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by thecluster_facts.ymlfile being gathered before theopenshift_releaseattribute was defined by the upgrade playbook. Now thecluster_facts.ymlfile is gathered after theopenshift_versionrole runs and theopenshift_releaseattribute is set, allowing for successful node upgrades. (BZ#1921353)
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
- Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses
- Package List:
Red Hat OpenShift Container Platform 3.11:
Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm
ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm
x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-34
https://security.gentoo.org/
Severity: Normal Title: Apache Ant: Multiple vulnerabilities Date: July 27, 2020 Bugs: #723086 ID: 202007-34
Synopsis
Apache Ant uses various insecure temporary files possibly allowing local code execution.
Background
Ant is a Java-based build tool similar to 'make' that uses XML configuration files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/ant < 1.10.8 >= 1.10.8
Description
Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location.
Impact
A local attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Apache Ant users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-java/ant-1.10.8"
References
[ 1 ] CVE-2020-1945 https://nvd.nist.gov/vuln/detail/CVE-2020-1945
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-34
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "retail size profile optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "ant",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.7"
},
{
"_id": null,
"model": "ant",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.9.14"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "banking liquidity management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "ant",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.0"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "retail item planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "health sciences information manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.2"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"_id": null,
"model": "banking enterprise collections",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.5"
},
{
"_id": null,
"model": "health sciences information manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.49"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "enterprise repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "category management planning \\\u0026 optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "retail macro space optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail data extractor for merchandising",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "banking enterprise collections",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4.0"
},
{
"_id": null,
"model": "retail data extractor for merchandising",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "retail regular price optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "retail regular price optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.8"
},
{
"_id": null,
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"_id": null,
"model": "retail merchandise financial planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "real-time decision server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"_id": null,
"model": "ant",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "communications asap",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "communications order and service management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.27"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1.0"
},
{
"_id": null,
"model": "retail replenishment optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.3"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "banking liquidity management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "communications metasolv solution",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"_id": null,
"model": "retail size profile optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.1 \u304b\u3089 1.9.14"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.10.0 \u304b\u3089 1.10.7"
},
{
"_id": null,
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "NVD",
"id": "CVE-2020-1945"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:ant",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "158150"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
}
],
"trust": 1.2
},
"cve": "CVE-2020-1945",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-1945",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005528",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-172829",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2020-1945",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005528",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-1945",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005528",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-172829",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-1945",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172829"
},
{
"db": "VULMON",
"id": "CVE-2020-1945"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "NVD",
"id": "CVE-2020-1945"
}
]
},
"description": {
"_id": null,
"data": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Apache Ant There is an information leakage vulnerability in.Information may be obtained and tampered with. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. An attacker could exploit this vulnerability to disclose sensitive information. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to\nin the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users\n1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels\n1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix\n1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names\n1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page\n1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview\n1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service\n1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors\n1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints\n1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar\n1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers\n1925674 - Placeholder bug for OCP 4.6.0 rpm release\n\n6. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. Solution:\n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update\nAdvisory ID: RHSA-2021:0637-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0637\nIssue date: 2021-03-03\nCVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305\n CVE-2020-2306 CVE-2020-2307 CVE-2020-2308\n CVE-2020-2309 CVE-2020-11979 CVE-2020-25658\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint\ncould result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables\nare accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nPlugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nplug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption\n(CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined\ncluster size for ops clusters. This was causing come clusters to never\ncomplete their restart. This bug fix passes the logging ops cluster size,\nallowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents\nof the `ca-bundle.crt` file during cluster installation. This caused the\ncheck to fail during initial installation because the `ca-bundle.crt` file\nis not yet created in that scenario. This bug fix allows the cluster to\nskip checking the `ca-bundle.crt` file if it does not exist, resulting in\ninitial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the\nAnsible inventory file, the nodes of the cluster would fail during an\nupgrade. This was caused by the `cluster_facts.yml` file being gathered\nbefore the `openshift_release` attribute was defined by the upgrade\nplaybook. Now the `cluster_facts.yml` file is gathered after the\n`openshift_version` role runs and the `openshift_release` attribute is set,\nallowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1849003 - fact dicts returned are of type string rather than dict\n1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components\n1879407 - The restart-cluster playbook doesn\u0027t take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size\n1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption\n1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure\n1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs\n1903699 - Prometheus consumes all available memory\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router\n1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process\n1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified\n1924614 - Provide jenkins agent image for maven36\n1924811 - Provide jenkins agent image for maven36\n1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface\n1929216 - KeyError: \u0027addresses\u0027 in kuryr-controller when Endpoints\u0027 slice only lists notReadyAddresses\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm\nhaproxy-1.8.28-1.el7.src.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.src.rpm\njenkins-2.263.3.1612433584-1.el7.src.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm\nopenshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm\npython-rsa-4.5-3.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\natomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm\njenkins-2.263.3.1612433584-1.el7.noarch.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-rsa-4.5-3.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm\nhaproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm\nhaproxy18-1.8.28-1.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm\nhaproxy-debuginfo-1.8.28-1.el7.x86_64.rpm\nhaproxy18-1.8.28-1.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1945\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-2306\nhttps://access.redhat.com/security/cve/CVE-2020-2307\nhttps://access.redhat.com/security/cve/CVE-2020-2308\nhttps://access.redhat.com/security/cve/CVE-2020-2309\nhttps://access.redhat.com/security/cve/CVE-2020-11979\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z\nRu/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93\nT5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT\ng5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv\nd/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL\nj5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N\nqCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD\n7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es\n4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/\nNk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v\nwA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2\n+rElYOcZkO0=9NLN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-34\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Ant: Multiple vulnerabilities\n Date: July 27, 2020\n Bugs: #723086\n ID: 202007-34\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nApache Ant uses various insecure temporary files possibly allowing\nlocal code execution. \n\nBackground\n=========\nAnt is a Java-based build tool similar to \u0027make\u0027 that uses XML\nconfiguration files. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/ant \u003c 1.10.8 \u003e= 1.10.8\n\nDescription\n==========\nApache Ant was found to be using multiple insecure temporary files\nwhich may disclose sensitive information or execute code from an unsafe\nlocal location. \n\nImpact\n=====\nA local attacker could possibly execute arbitrary code with the\nprivileges of the process, or cause a Denial of Service condition. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache Ant users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-java/ant-1.10.8\"\n\nReferences\n=========\n[ 1 ] CVE-2020-1945\n https://nvd.nist.gov/vuln/detail/CVE-2020-1945\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-34\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1945"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "VULHUB",
"id": "VHN-172829"
},
{
"db": "VULMON",
"id": "CVE-2020-1945"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "158150"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "PACKETSTORM",
"id": "158600"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-1945",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/09/30/6",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/12/06/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "161454",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158600",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159921",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161644",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157902",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158150",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1680",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0771",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1915",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0599",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3894",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2139",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2472",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042552",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072748",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161647",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159924",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-46282",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-172829",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-1945",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172829"
},
{
"db": "VULMON",
"id": "CVE-2020-1945"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "158150"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "PACKETSTORM",
"id": "158600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "NVD",
"id": "CVE-2020-1945"
}
]
},
"id": "VAR-202005-1051",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-172829"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:55:07.012000Z",
"patch": {
"_id": null,
"data": [
{
"title": "[creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
},
{
"title": "[creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
},
{
"title": "[jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
},
{
"title": "[CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
},
{
"title": "[jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
},
{
"title": "[jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
},
{
"title": "[jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
},
{
"title": "USN-4380-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"title": "Apache Ant Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=120777"
},
{
"title": "Ubuntu Security Notice: Apache Ant vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4380-1"
},
{
"title": "Debian CVElist Bug Report Logs: ant: CVE-2020-1945",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2f2bfe313c011b85e70b7511f52afaa3"
},
{
"title": "Debian CVElist Bug Report Logs: ant: CVE-2020-11979",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2a449f8fc892d50c69e07a3668964924"
},
{
"title": "Red Hat: Moderate: Red Hat Decision Manager 7.9.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204960 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Platform Symphony and IBM Spectrum Symphony",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7b1cd05975d43c37f2d60c4fff131c25"
},
{
"title": "Arch Linux Advisories: [ASA-202005-15] ant: arbitrary command execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-15"
},
{
"title": "Red Hat: Moderate: Red Hat Process Automation Manager 7.9.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204961 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-1945 log"
},
{
"title": "IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=141b2e54160a76a0f41beef4db28270e"
},
{
"title": "Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-5"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210423 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1945"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172829"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "NVD",
"id": "CVE-2020-1945"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/4380-1/"
},
{
"trust": 1.8,
"url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3cdev.ant.apache.org%3e"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3ccommits.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3ccommits.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cusers.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3cdev.groovy.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3ccommits.myfaces.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3ccommits.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3ccommits.myfaces.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3ctorque-dev.db.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3cuser.ant.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rrvawtcvxjmrykqkexysnbf7nlsr6oei/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eqbr65tinsjrn7ptpivnys33p535wm74/"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3cannounce.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cannounce.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3cdev.ant.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3cuser.ant.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3ccommits.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3ccommits.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3ctorque-dev.db.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3ccommits.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cdev.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3cnotifications.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3cusers.groovy.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3ccommits.myfaces.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3ccommits.myfaces.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1945"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-1945"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0599"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157902/ubuntu-security-notice-usn-4380-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-ant-file-corruption-32379"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042552"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158600/gentoo-linux-security-advisory-202007-34.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3894/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1680/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2472/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2139/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072748"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1915/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0771"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-platform-symphony-and-ibm-spectrum-symphony/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6025"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affect-ibm-operations-analytics-log-analysis-analysis-cve-2020-1945/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158150/red-hat-security-advisory-2020-2618-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3485/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11979"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11979"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1954"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21607"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21606"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21609"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21602"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21611"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21605"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21607"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21605"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21609"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21602"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21604"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21604"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21606"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21611"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4961"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/products/red-hat-amq#streams"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.streams\u0026downloadtype=distributions\u0026version=1.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0429"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0428"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0423"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:0424"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:0638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172829"
},
{
"db": "VULMON",
"id": "CVE-2020-1945"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "158150"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "PACKETSTORM",
"id": "158600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
},
{
"db": "NVD",
"id": "CVE-2020-1945"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-172829",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-1945",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159924",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158150",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161644",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161454",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159921",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161647",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158600",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005528",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-1945",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-172829",
"ident": null
},
{
"date": "2020-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1945",
"ident": null
},
{
"date": "2020-11-06T15:18:46",
"db": "PACKETSTORM",
"id": "159924",
"ident": null
},
{
"date": "2020-06-19T16:45:29",
"db": "PACKETSTORM",
"id": "158150",
"ident": null
},
{
"date": "2021-03-03T15:53:12",
"db": "PACKETSTORM",
"id": "161644",
"ident": null
},
{
"date": "2021-02-18T14:14:45",
"db": "PACKETSTORM",
"id": "161454",
"ident": null
},
{
"date": "2020-11-06T15:06:03",
"db": "PACKETSTORM",
"id": "159921",
"ident": null
},
{
"date": "2021-03-03T15:53:58",
"db": "PACKETSTORM",
"id": "161647",
"ident": null
},
{
"date": "2020-07-27T18:34:18",
"db": "PACKETSTORM",
"id": "158600",
"ident": null
},
{
"date": "2020-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-777",
"ident": null
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005528",
"ident": null
},
{
"date": "2020-05-14T16:15:12.767000",
"db": "NVD",
"id": "CVE-2020-1945",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-172829",
"ident": null
},
{
"date": "2021-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1945",
"ident": null
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-777",
"ident": null
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005528",
"ident": null
},
{
"date": "2024-11-21T05:11:42.183000",
"db": "NVD",
"id": "CVE-2020-1945",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "158600"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache Ant Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005528"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-777"
}
],
"trust": 0.6
}
}
VAR-201704-1589
Vulnerability from variot - Updated: 2026-03-09 20:56In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code.
Security Fix(es):
-
hawtio-osgi (CVE-2017-5645)
-
prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)
-
apache-commons-compress (CVE-2019-12402)
-
karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)
-
tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)
-
spring-cloud-config-server (CVE-2020-5410)
-
velocity (CVE-2020-13936)
-
httpclient: apache-httpclient (CVE-2020-13956)
-
shiro-core: shiro (CVE-2020-17510)
-
hibernate-core (CVE-2020-25638)
-
wildfly-openssl (CVE-2020-25644)
-
jetty (CVE-2020-27216, CVE-2021-28165)
-
bouncycastle (CVE-2020-28052)
-
wildfly (CVE-2019-14887, CVE-2020-25640)
-
resteasy-jaxrs: resteasy (CVE-2020-1695)
-
camel-olingo4 (CVE-2020-1925)
-
springframework (CVE-2020-5421)
-
jsf-impl: Mojarra (CVE-2020-6950)
-
resteasy (CVE-2020-10688)
-
hibernate-validator (CVE-2020-10693)
-
wildfly-elytron (CVE-2020-10714)
-
undertow (CVE-2020-10719)
-
activemq (CVE-2020-13920)
-
cxf-core: cxf (CVE-2020-13954)
-
fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)
-
jboss-ejb-client: wildfly (CVE-2020-14297)
-
xercesimpl: wildfly (CVE-2020-14338)
-
xnio (CVE-2020-14340)
-
flink: apache-flink (CVE-2020-17518)
-
resteasy-client (CVE-2020-25633)
-
xstream (CVE-2020-26258)
-
mybatis (CVE-2020-26945)
-
pdfbox (CVE-2021-27807, CVE-2021-27906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
The References section of this erratum contains a download link (you must log in to download the update).
This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. (CVE-2017-5645)
-
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
-
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
-
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
-
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):
1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1444015 - CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher 1455566 - CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison 1465573 - CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-11485 - Tracker bug for the EAP 7.0.8 release for RHEL-7
Security Fix(es):
-
bsh2: remote code execution via deserialization (CVE-2016-2510)
-
log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)
-
uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code (CVE-2017-15691)
-
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
-
thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
- Bugs fixed (https://bugzilla.redhat.com/):
1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-java-common-log4j security update Advisory ID: RHSA-2017:1417-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1417 Issue date: 2017-06-08 CVE Names: CVE-2017-5645 =====================================================================
- Summary:
An update for rh-java-common-log4j is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
Log4j is a tool to help the programmer output log statements to a variety of output targets. (CVE-2017-5645)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf ceYEsokMPo3LCY/99DiysrI= =wZ5c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2017-5645)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "financial services regulatory reporting with agilereporter",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.7.4297"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "communications online mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.1"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.4.5235"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4.0.0"
},
{
"_id": null,
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"_id": null,
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "utilities work and asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.1.2.12"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "communications network integrity",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.49"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "peoplesoft enterprise fin install",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "communications converged application server - service controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"_id": null,
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"_id": null,
"model": "utilities advanced spatial and operational analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0.1"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"_id": null,
"model": "fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"_id": null,
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.8.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.2"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.8.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.5"
},
{
"_id": null,
"model": "goldengate",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"_id": null,
"model": "communications messaging server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.1.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.0"
},
{
"_id": null,
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4"
},
{
"_id": null,
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.8"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.5"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.8131"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.1"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.3.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "enterprise manager for mysql database",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2.0.0"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"_id": null,
"model": "identity analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.5.8"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.7"
},
{
"_id": null,
"model": "communications network integrity",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.3.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.9"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.2"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"_id": null,
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.8.2"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:log4j",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.8
},
"cve": "CVE-2017-5645",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5645",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5645",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5645",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5645",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5645",
"trust": 0.8,
"value": "Critical"
},
{
"author": "VULHUB",
"id": "VHN-113848",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5645",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"description": {
"_id": null,
"data": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. \n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869,\nCVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934,\nCVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers\n1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature\n1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability\n1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack\n1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling\n1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack\n1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution\n1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability\n1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath\n1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file\n1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n\n5. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7,\nand includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to\nperform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could\nenable a local malicious application to gain access to user\u0027s private\ninformation. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil\nclass of Picketlink replaces special strings for obtaining attribute values\nwith system property. This could allow an attacker to determine values of\nsystem properties at the attacked system by formatting the SAML request ID\nfield to be the chosen system property which could be obtained in the\n\"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions,\nwhich allows it to access the private members of the class, are granted to\nHibernate Validator, a potential privilege escalation can occur. By\nallowing the calling code to access those private members without the\npermission an attacker may be able to validate an invalid instance and\naccess the private member value via ConstraintViolation#getInvalidValue(). Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1444015 - CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher\n1455566 - CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison\n1465573 - CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-11485 - Tracker bug for the EAP 7.0.8 release for RHEL-7\n\n7. \n\nSecurity Fix(es):\n\n* bsh2: remote code execution via deserialization (CVE-2016-2510)\n\n* log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)\n\n* uima: XML external entity expansion (XXE) can allow attackers to execute\narbitrary code (CVE-2017-15691)\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n\n* thrift: Improper Access Control grants access to files outside the\nwebservers docroot path (CVE-2018-11798)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path\n\n5. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-java-common-log4j security update\nAdvisory ID: RHSA-2017:1417-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1417\nIssue date: 2017-06-08\nCVE Names: CVE-2017-5645 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-java-common-log4j is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. (CVE-2017-5645)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf\nceYEsokMPo3LCY/99DiysrI=\n=wZ5c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. \n(CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-7525",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5645",
"trust": 2.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/12/19/2",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1041294",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040200",
"trust": 1.1
},
{
"db": "BID",
"id": "97702",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "144018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142856",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143500",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144014",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143670",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144596",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145262",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201704-852",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92965",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113848",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144347",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144360",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"id": "VAR-201704-1589",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:56:50.077000Z",
"patch": {
"_id": null,
"data": [
{
"title": "LOG4J2-1863",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/LOG4J2-1863"
},
{
"title": "Red Hat: Important: Red Hat JBoss BRMS 6.4.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172888 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BPM Suite 6.4.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172889 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 5.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173400 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 5.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173399 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-java-common-log4j security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171417 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Grid 7.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173244 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3fdfc30e441b98eacc4cae3c3c8416ea"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172810 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171802 - Security Advisory"
},
{
"title": "Red Hat: Important: eap7-jboss-ec2-eap security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172811 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172808 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191545 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172809 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171801 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j1.2: CVE-2019-17571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9b1a2b3bcff03a4370bb153cc1e9d89e"
},
{
"title": "Red Hat: CVE-2017-5645",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-5645"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1562",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1562"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Log4J-RCE-Implementation",
"trust": 0.1,
"url": "https://github.com/Marcelektro/Log4J-RCE-Implementation "
},
{
"title": "CVE-2017-5645",
"trust": 0.1,
"url": "https://github.com/pimps/CVE-2017-5645 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/spmonkey/spassassin "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:1417"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2633"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2637"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2808"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2809"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2810"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:1545"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97702"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/log4j2-1863"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20181107-0002/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/12/19/2"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2423"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2635"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2636"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2638"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2811"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2888"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2889"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3244"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3399"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3400"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040200"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1041294"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3cissues.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3ccommits.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3ccommits.doris.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5645"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9970"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6644"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2582"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-6644"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-7536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-9970"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-2582"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-7525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3cissues.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3ccommits.doris.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3ccommits.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27807"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144347",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144358",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153344",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144360",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144013",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142856",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"date": "2017-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"date": "2021-08-12T15:42:56",
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"date": "2017-09-26T03:56:00",
"db": "PACKETSTORM",
"id": "144347",
"ident": null
},
{
"date": "2017-09-27T06:16:07",
"db": "PACKETSTORM",
"id": "144358",
"ident": null
},
{
"date": "2019-06-19T17:19:04",
"db": "PACKETSTORM",
"id": "153344",
"ident": null
},
{
"date": "2017-09-27T06:16:28",
"db": "PACKETSTORM",
"id": "144360",
"ident": null
},
{
"date": "2017-09-05T23:23:00",
"db": "PACKETSTORM",
"id": "144013",
"ident": null
},
{
"date": "2017-06-08T14:39:46",
"db": "PACKETSTORM",
"id": "142856",
"ident": null
},
{
"date": "2017-09-06T04:16:37",
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"date": "2017-04-17T21:59:00.373000",
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache Log4j Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.6
}
}
VAR-201804-1673
Vulnerability from variot - Updated: 2024-11-23 19:28Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. NOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update Advisory ID: RHSA-2018:1320-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2018:1320 Issue date: 2018-05-03 CVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 CVE-2018-1304 CVE-2018-1305 =====================================================================
- Summary:
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR Spring Boot 1.5.10, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
-
spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)
-
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems (CVE-2018-1271)
-
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
-
tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
-
spring-framework: Multipart content pollution (CVE-2018-1272)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users 1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources 1564408 - CVE-2018-1272 spring-framework: Multipart content pollution 1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270 1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
- References:
https://access.redhat.com/security/cve/CVE-2018-1271 https://access.redhat.com/security/cve/CVE-2018-1272 https://access.redhat.com/security/cve/CVE-2018-1275 https://access.redhat.com/security/cve/CVE-2018-1304 https://access.redhat.com/security/cve/CVE-2018-1305 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.spring.boot&version=1.5.12 https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth c3tFEafC+xcftRfJKlS6jU4= =NRhi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tape library acsls",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.1.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.2.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.1.1"
},
{
"model": "goldengate for big data",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.6.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.0.1"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.0"
},
{
"model": "communications performance intelligence center",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.0.5"
},
{
"model": "communications diameter signaling router",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.1"
},
{
"model": "service architecture leveraging tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "4.3.16"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.9,
"vendor": "pivotal",
"version": "5.0.1"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "4.3.16"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.8,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.3"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.1"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.4"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "4.3.2"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.6,
"vendor": "pivotal",
"version": "5.0.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.15"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.14"
},
{
"model": "spring framework",
"scope": "eq",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "soa suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.4"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "-6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "-6.0"
},
{
"model": "big data discovery",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.6"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "5.0.5"
},
{
"model": "spring framework",
"scope": "ne",
"trust": 0.3,
"vendor": "pivotal",
"version": "4.3.16"
},
{
"model": "communications webrtc session controller",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
}
],
"sources": [
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:pivotal_software:spring_framework",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and 0c0c0f.,rwx, Christoph Dreis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
},
"cve": "CVE-2018-1275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-1275",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122740",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1275",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1275",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-1275",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-563",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-122740",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1275",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. Spring Framework Contains a security check vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. \nNOTE: This issue is the result of an incomplete fix for the issue described in BID 103696 (Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability). Pivotal Spring Framework is an open source Java and Java EE application framework developed by Pivotal Software in the United States. The framework helps developers build high-quality applications. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: Red Hat OpenShift Application Runtimes security and bug fix update\nAdvisory ID: RHSA-2018:1320-01\nProduct: Red Hat OpenShift Application Runtimes\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:1320\nIssue date: 2018-05-03\nCVE Names: CVE-2018-1271 CVE-2018-1272 CVE-2018-1275 \n CVE-2018-1304 CVE-2018-1305 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat OpenShift Application Runtimes. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Openshift Application Runtimes provides an application platform\nthat reduces the complexity of developing and operating applications\n(monoliths and microservices) for OpenShift as a containerized platform. \n\nThis release of RHOAR Spring Boot 1.5.12 serves as a replacement for RHOAR\nSpring Boot 1.5.10, and includes bug fixes and enhancements. For further\ninformation, refer to the Release Notes linked to in the References\nsection. \n\nSecurity Fix(es):\n\n* spring-framework: Address partial fix for CVE-2018-1270 (CVE-2018-1275)\n\n* spring-framework: Directory traversal vulnerability with static resources\non Windows filesystems (CVE-2018-1271)\n\n* tomcat: Incorrect handling of empty string URL in security constraints\ncan lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource\nexposure for unauthorised users (CVE-2018-1305)\n\n* spring-framework: Multipart content pollution (CVE-2018-1272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1548282 - CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users\n1548289 - CVE-2018-1304 tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources\n1564408 - CVE-2018-1272 spring-framework: Multipart content pollution\n1565307 - CVE-2018-1275 spring-framework: Address partial fix for CVE-2018-1270\n1571050 - CVE-2018-1271 spring-framework: Directory traversal vulnerability with static resources on Windows filesystems\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-1271\nhttps://access.redhat.com/security/cve/CVE-2018-1272\nhttps://access.redhat.com/security/cve/CVE-2018-1275\nhttps://access.redhat.com/security/cve/CVE-2018-1304\nhttps://access.redhat.com/security/cve/CVE-2018-1305\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=1.5.12\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFa60G7XlSAg2UNWIIRApKzAKCZF1t3YH8mPwN6Q3TN9nAxp9mZHQCglRth\nc3tFEafC+xcftRfJKlS6jU4=\n=NRhi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1275",
"trust": 3.1
},
{
"db": "BID",
"id": "103771",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041301",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122740",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"id": "VAR-201804-1673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:28:23.339000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2018-1275: Address partial fix for CVE-2018-1270",
"trust": 0.8,
"url": "https://pivotal.io/security/cve-2018-1275"
},
{
"title": "Pivotal Spring Framework Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83325"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/01/18/new_oracle_bugs/"
},
{
"title": "Red Hat: Critical: Red Hat FIS 2.0 on Fuse 6.3.0 R8 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182939 - Security Advisory"
},
{
"title": "Red Hat: CVE-2018-1275",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-1275"
},
{
"title": "Debian CVElist Bug Report Logs: libspring-java: CVE-2018-1270 CVE-2018-1272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf592ea3b0a1913a29c923afe44cd4b7"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "IBM: Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dea47d76eee003a50f853f241578c37"
},
{
"title": "PPPRASP\n0x00 Start\n0x01 \u57fa\u672c\u6f0f\u6d1e\u68c0\u6d4b\u7c7b\u578b ing\n0x02 CVE\u6f0f\u6d1e\u68c0\u6d4b",
"trust": 0.1,
"url": "https://github.com/Whoopsunix/PPPRASP "
},
{
"title": "https://github.com/bkhablenko/CVE-2017-8046",
"trust": 0.1,
"url": "https://github.com/bkhablenko/CVE-2017-8046 "
},
{
"title": "gocarts(go-CERT-alerts-summarizer)\nAbstract\nMain features\nUsage\nFetch JPCERT\nFetch USCERT\nSearch mode\nOutput Mode\nLicense\nAuthor",
"trust": 0.1,
"url": "https://github.com/tomoyamachi/gocarts "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-358",
"trust": 1.9
},
{
"problemtype": "CWE-94",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/103771"
},
{
"trust": 2.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 2.1,
"url": "https://pivotal.io/security/cve-2018-1275"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:1320"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2939"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041301"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1275"
},
{
"trust": 0.9,
"url": "http://pivotal.io/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1275"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-guardium-data-encryption-gde-3/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1305"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-1275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1305"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/whoopsunix/ppprasp"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1260"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1270"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3060411"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html/red_hat_openshift_application_runtimes_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.spring.boot\u0026version=1.5.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122740"
},
{
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"db": "BID",
"id": "103771"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"db": "PACKETSTORM",
"id": "149847"
},
{
"db": "PACKETSTORM",
"id": "147489"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-122740"
},
{
"date": "2018-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"date": "2018-04-13T00:00:00",
"db": "BID",
"id": "103771"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"date": "2018-10-18T03:51:21",
"db": "PACKETSTORM",
"id": "149847"
},
{
"date": "2018-05-04T01:11:44",
"db": "PACKETSTORM",
"id": "147489"
},
{
"date": "2018-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"date": "2018-04-11T13:29:00.353000",
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-122740"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1275"
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "103771"
},
{
"date": "2018-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003100"
},
{
"date": "2021-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-563"
},
{
"date": "2024-11-21T03:59:31.333000",
"db": "NVD",
"id": "CVE-2018-1275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Vulnerabilities related to security checks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-563"
}
],
"trust": 0.6
}
}
VAR-202107-1611
Vulnerability from variot - Updated: 2024-08-14 12:22Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zfs storage application integration engineering software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.3.3"
},
{
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"model": "retail order management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.5"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "rapid planning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.11"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "health sciences clinical development analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.9.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.1.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "big data spatial and graph",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.12"
},
{
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.1.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.20.0"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"model": "goldengate application adapters",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "real user experience insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.1.0"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.1.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.10.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "airlines data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.20"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.1.1.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.3.3"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.14.0"
},
{
"model": "real user experience insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.1.0"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "application performance management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.1.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.1.1"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.12.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.1.1.0"
},
{
"model": "communications convergent charging controller",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.24.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"model": "retail analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.3.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.3"
},
{
"model": "clinical",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.1"
},
{
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "primavera analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11.1"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.3.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.7"
},
{
"model": "retail customer insights",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "utilities testing accelerator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0.2.2"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "financial services foreign account tax compliance act management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "hyperion infrastructure technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "hospitality opera 5",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "retail analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.7.0"
},
{
"model": "thesaurus management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "financial services model management and governance",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0.0"
},
{
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "documaker",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.4"
},
{
"model": "hospitality inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.17.0"
},
{
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "argus insight",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "argus analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "health sciences inform crf submit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.11"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "clinical",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.2"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.9.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.11.0"
},
{
"model": "financial services model management and governance",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0.0"
},
{
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "documaker",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.2"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.7"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.3"
},
{
"model": "oss support tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.42"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.17.0"
},
{
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"model": "advanced networking option",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.24"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "communications metasolv solution",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "documaker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"model": "rapid planning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.3.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.2"
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0.1.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"model": "graph server and client",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4.0"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.2"
},
{
"model": "airlines data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.0"
},
{
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "storagetek tape analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4"
},
{
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.2.0"
},
{
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.8"
},
{
"model": "spatial studio",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2.1"
},
{
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "goldengate",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5"
},
{
"model": "demantra demand management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"model": "communications convergent charging controller",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "argus safety",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "primavera p6 professional project management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.9.0"
},
{
"model": "retail customer insights",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "demantra demand management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.11"
},
{
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "hospitality inventory management",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.13.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "argus mart",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "primavera p6 professional project management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.5.0.0.220118"
},
{
"model": "communications data model",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2.2.0"
},
{
"model": "primavera data warehouse",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.3.3"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "blockchain platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "oracle hospitality suite8",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services model management and governance",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera p6 professional project management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera data warehouse",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking digital experience",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle flexcube private banking",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "siebel ui framework",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": "21.12 and earlier"
},
{
"model": "oracle retail xstore point of service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services analytical applications infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle enterprise manager ops center",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle clinical",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare foundation",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle application testing suite",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences inform crf submit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle goldengate",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance data gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "hyperion infrastructure technology",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail returns management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications metasolv solution",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications data model",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance rules palette",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services behavior detection platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail service backbone",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services trade-based anti money laundering",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle demantra demand management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare data repository",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle data integrator",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail predictive application server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle spatial studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle airlines data model",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle flexcube investor servicing",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle enterprise data quality",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oss support tools",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle healthcare translational research",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications application session controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail merchandising system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus safety",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications design studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle fusion middleware",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle real user experience insight",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "communications session route manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail order management system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail price management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance policy administration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle application performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail assortment planning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera unifier",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications convergent charging controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services foreign account tax compliance act management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle utilities framework",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail point-of-service",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail central office",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications contacts server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle agile engineering data management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle policy automation",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "enterprise manager base platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle zfs storage application integration engineering software",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail order broker",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle banking apis",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle product lifecycle analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences clinical development analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle ilearning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle commerce platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications network integrity",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail financial integration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "advanced networking option",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle utilities testing accelerator",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle health sciences information manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail back office",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus insight",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle thesaurus management system",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle argus mart",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle insurance insbridge rating and underwriting",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "primavera analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "big data spatial and graph",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services enterprise case management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail integration bus",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail customer insights",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications network charging and control",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications calendar server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail store inventory management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle rapid planning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle hospitality opera 5",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle agile plm",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle graph server and client",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail extract transform and load",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle times-ten in-memory database",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"cve": "CVE-2021-2351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-2351",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-377037",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-2351",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-2351",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-013664",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-2351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2021-2351",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-2351",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-377037",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The database management system provides functions such as data management and distributed processing",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-2351",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "165258",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "165255",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012652",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041941",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072053",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012331",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012766",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012328",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012771",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072093",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-09810",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-377037",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-2351",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"id": "VAR-202107-1611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:22:27.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"title": "Oracle Database Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178520"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.0
},
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/165258/oracle-database-weak-nne-integrity-key-derivation.html"
},
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/165255/oracle-database-protection-mechanism-bypass.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/dec/19"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/dec/20"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2351"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072053"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6507591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072093"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041941"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220422122"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012766"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012328"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011911"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-database-vulnerabilities-of-july-2021-35942"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012331"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012771"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377037"
},
{
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-377037"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"date": "2022-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"date": "2021-07-21T15:15:21.827000",
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-377037"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-2351"
},
{
"date": "2022-09-21T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-013664"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1424"
},
{
"date": "2024-02-16T18:48:45.617000",
"db": "NVD",
"id": "CVE-2021-2351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle\u00a0Database\u00a0Server\u00a0 of \u00a0Advanced\u00a0Networking\u00a0Option\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013664"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
CVE-2016-8319 (GCVE-0-2016-8319)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95514 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:31.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95514",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:56.258412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:13.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95514",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8319",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:13.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8317 (GCVE-0-2016-8317)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95517 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:59.490556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:33.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8317",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:33.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8316 (GCVE-0-2016-8316)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95516 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:01.010331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:44.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8316",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:44.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8315 (GCVE-0-2016-8315)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95496 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:27:17.602545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:54.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8315",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:54.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8309 (GCVE-0-2016-8309)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:00- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95518 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:08.278335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:00:55.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8309",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:00:55.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8306 (GCVE-0-2016-8306)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:01- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95515 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:11.618769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:01:25.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8306",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:01:25.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5509 (GCVE-0-2016-5509)
Vulnerability from nvd – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:05- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95519 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:01:00.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-5509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:37.986426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:05:00.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-5509",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-06-16T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:05:00.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8319 (GCVE-0-2016-8319)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95514 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:31.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95514",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:56.258412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:13.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95514",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8319",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:13.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8306 (GCVE-0-2016-8306)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:01- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95515 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95515",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:11.618769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:01:25.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95515",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95515"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8306",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:01:25.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8309 (GCVE-0-2016-8309)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:00- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95518 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:08.278335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:00:55.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95518"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8309",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:00:55.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8315 (GCVE-0-2016-8315)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95496 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95496",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:27:17.602545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:54.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95496",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95496"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8315",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:54.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8316 (GCVE-0-2016-8316)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95516 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:01.010331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:44.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95516"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8316",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:44.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8317 (GCVE-0-2016-8317)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 19:59- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95517 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:20:30.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:30:59.490556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:59:33.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95517"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-8317",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-09-26T00:00:00.000Z",
"dateUpdated": "2024-10-09T19:59:33.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5509 (GCVE-0-2016-5509)
Vulnerability from cvelistv5 – Published: 2017-01-27 22:01 – Updated: 2024-10-09 20:05- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95519 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1037636 | vdb-entryx_refsource_SECTRACK |
| http://www.oracle.com/technetwork/security-adviso… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle | FLEXCUBE Investor Servicing |
Affected:
12.0.1
Affected: 12.0.2 Affected: 12.0.4 Affected: 12.1.0 Affected: 12.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:01:00.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95519",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-5509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T19:31:37.986426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T20:05:00.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FLEXCUBE Investor Servicing",
"vendor": "Oracle",
"versions": [
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "12.1.0"
},
{
"status": "affected",
"version": "12.3.0"
}
]
}
],
"datePublic": "2017-01-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T21:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "95519",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-5509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1"
},
{
"version_value": "12.0.2"
},
{
"version_value": "12.0.4"
},
{
"version_value": "12.1.0"
},
{
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95519"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2016-5509",
"datePublished": "2017-01-27T22:01:00.000Z",
"dateReserved": "2016-06-16T00:00:00.000Z",
"dateUpdated": "2024-10-09T20:05:00.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}