Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
80 vulnerabilities found for clearpass by arubanetworks
VAR-201404-0585
Vulnerability from variot - Updated: 2026-03-09 21:05MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29
Synopsis
Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56
Description
Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.
Resolution
All Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"
All Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"
References
[ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-29.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Summary
VMware has updated vSphere third party libraries
-
Relevant releases
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Update Manager 5.5 prior to Update 2
VMware ESXi 5.5 without patch ESXi550-201409101-SG
-
Problem Description
a. vCenter Server Apache Struts Update
The Apache Struts library is updated to address a security issue.
This issue may lead to remote code execution after authentication.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-0114 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
b.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and
CVE-2014-0050 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any Patch Pending
vCenter Server 5.0 any Patch Pending
c. Update to ESXi glibc package
glibc is updated to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to
these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
ESXi 5.5 any ESXi550-201409101-SG
ESXi 5.1 any Patch Pending
ESXi 5.0 any Patch Pending
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Oracle has documented the CVE identifiers that are addressed in
JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update
Advisory of April 2014.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 any 5.5 Update 2
vCenter Server 5.1 any not applicable *
vCenter Server 5.0 any not applicable *
vCenter Update Manager 5.5 any 5.5 Update 2
vCenter Update Manager 5.1 any not applicable *
vCenter Update Manager 5.0 any not applicable *
* this product uses the Oracle JRE 1.6.0 family *
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server and Update Manager 5.5u2
Downloads and Documentation: https://www.vmware.com/go/download-vsphere
ESXi 5.5
Download: https://www.vmware.com/patchmgr/findPatch.portal
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
JRE
Oracle Java SE Critical Patch Update Advisory of April 2014
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
- Change log
2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05324755 Version: 1
HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-11-04 Last Updated: 2016-11-04
Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.
References:
- CVE-2014-0114 - Apache Struts, execution of arbitrary code
- CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
- CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
- CVE-2015-3253 - Apache Groovy, execution of arbitrary code
- CVE-2015-5652 - Python, elevation of privilege
- CVE-2013-6429 - Spring Framework, cross-site request forgery
- CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
- PSRT110264
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP SiteScope Monitors Software Series 11.2xa11.32IP1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2013-6429
6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0050
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0107
8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2014-0114
6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-3253
7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2015-5652
8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVE-2016-0763
6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.
-
Apache Commons FileUpload: KM02550251 (CVE-2014-0050):
-
Apache Struts: KM02553983 (CVE-2014-0114):
-
Apache Tomcat: KM02553990 (CVE-2016-0763):
-
Apache XML Xalan: KM02553991 (CVE-2014-0107):
-
Apache Groovy: KM02553992 (CVE-2015-3253):
-
Python: KM02553997 (CVE-2015-5652):
-
Spring Framework: KM02553998 (CVE-2013-6429):
HISTORY Version:1 (rev.1) - 4 November 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.
This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.
The following security issues are also addressed with this release:
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)
It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)
It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.
CVE-2013-2071
A runtime exception in AsyncListener.onComplete() prevents the request from
being recycled. This may expose elements of a previous request to a current
request.
CVE-2013-4322
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount
of data to the server.
For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.
For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.
For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.
We recommend that you upgrade your tomcat7 packages. This issue was found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager
application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1].
Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes
Credit: This issue was reported to the Apache Software Foundation via JPCERT.
Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory.
References:
- CVE-2009-5028 - Namazu Remote Denial of Service
- CVE-2011-4345 - Namazu Cross-site Scripting
- CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
- CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
- CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
- CVE-2017-5787 - DoS - LINUX VCRM
- CVE-2016-8517 - SIM
- CVE-2016-8516 - SIM
- CVE-2016-8518 - SIM
- CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
- CVE-2016-8515 - Malicious File Upload - Linux VCRM
- CVE-2016-8514 - Information Disclosure - Linux VCRM
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================
- Summary:
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.
- Description:
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Security fixes:
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.
- Solution:
All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429
- References:
https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.
Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0in"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"_id": null,
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus component container window",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.1"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux 10.04.lts",
"scope": null,
"trust": 0.3,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.54"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.33"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.32"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"_id": null,
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.0"
},
{
"_id": null,
"model": "jboss fuse service works",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss enterprise web server el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise web server el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.2"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.6.1"
},
{
"_id": null,
"model": "retail returns management rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail returns management 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "retail central office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail central office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail back office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "retail back office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "health sciences empirica study",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.3.3"
},
{
"_id": null,
"model": "health sciences empirica inspections",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.1.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.2"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"_id": null,
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"_id": null,
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"_id": null,
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"_id": null,
"model": "application express 1.1-ea",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere message broker for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "websphere extended deployment compute grid",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "websphere extended deployment compute",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "websphere business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"_id": null,
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"_id": null,
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1100"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1000"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4100"
},
{
"_id": null,
"model": "tivoli remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.21"
},
{
"_id": null,
"model": "support assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.3.2"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.1"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.0"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.0.4"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.2.3"
},
{
"_id": null,
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.7"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.5"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.2"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.01"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"_id": null,
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"_id": null,
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational requirements composer ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"_id": null,
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"_id": null,
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"_id": null,
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"_id": null,
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.2"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "integration bus for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.02"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"_id": null,
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"_id": null,
"model": "flashsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8400"
},
{
"_id": null,
"model": "filenet services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "filenet p8 application engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.5"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.4"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.3"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.2"
},
{
"_id": null,
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "filenet collaboration services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.122"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.11"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.19"
},
{
"_id": null,
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"_id": null,
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.5"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.4"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.3"
},
{
"_id": null,
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "usg9580 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9560 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "usg9520 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x8 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x3 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "eudemon8000e-x16 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "espace meeting portal v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10spc500",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8080"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8060"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8030"
},
{
"_id": null,
"model": "antiddos 500-d v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1550"
},
{
"_id": null,
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1520"
},
{
"_id": null,
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "sdn van controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0109-50"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "programming environment for java (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-05"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-04"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-01"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-06"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-01"
},
{
"_id": null,
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-12"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-11"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-10"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-09"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-08"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-07"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-06"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-05"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-04"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-03"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-02"
},
{
"_id": null,
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-02"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"_id": null,
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"_id": null,
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-01"
},
{
"_id": null,
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"_id": null,
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"_id": null,
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"_id": null,
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"_id": null,
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "20"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"_id": null,
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"_id": null,
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.2"
},
{
"_id": null,
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.3"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "jboss a-mq",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "urbancode release",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"_id": null,
"model": "urbancode deploy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1200"
},
{
"_id": null,
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2000"
},
{
"_id": null,
"model": "sterling secure proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"_id": null,
"model": "infosphere guardium data redaction",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"_id": null,
"model": "filenet business process framework",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.10"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.123"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.12"
},
{
"_id": null,
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.110"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"_id": null,
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"_id": null,
"model": "connections cr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "espace meeting portal v100r001c00spc303",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "anyoffice v200r002c10l00422",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"_id": null,
"model": "antiddos v100r001c00sph503",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8000"
},
{
"_id": null,
"model": "cosminexus component container hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"_id": null,
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"_id": null,
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.1"
}
],
"sources": [
{
"db": "BID",
"id": "65400"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "126404"
}
],
"trust": 0.5
},
"cve": "CVE-2014-0050",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"description": {
"_id": null,
"data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: December 15, 2014\n Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat \u003c 7.0.56 *\u003e= 6.0.41\n \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[ 2 ] CVE-2012-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[ 3 ] CVE-2012-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[ 4 ] CVE-2012-4431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[ 5 ] CVE-2012-4534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[ 6 ] CVE-2012-5885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[ 7 ] CVE-2012-5886\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[ 8 ] CVE-2012-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[ 9 ] CVE-2013-2067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n VMware has updated vSphere third party libraries\n\n2. Relevant releases\n\n \n VMware vCenter Server 5.5 prior to Update 2\n\n VMware vCenter Update Manager 5.5 prior to Update 2\n\n VMware ESXi 5.5 without patch ESXi550-201409101-SG\n\n\n3. Problem Description\n\n a. vCenter Server Apache Struts Update\n\n The Apache Struts library is updated to address a security issue. \n\n This issue may lead to remote code execution after authentication. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifier CVE-2014-0114 to this issue. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\t Apply Patch\n ============= =======\t=======\t=================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n\n b. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n CVE-2014-0050 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any Patch Pending\n vCenter Server 5.0 any Patch Pending\n \n c. Update to ESXi glibc package\n\n glibc is updated to address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton\t Apply Patch\n ============= =======\t======= =================\n ESXi 5.5 any ESXi550-201409101-SG\n ESXi 5.1 any Patch Pending\n ESXi 5.0 any Patch Pending\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n Oracle has documented the CVE identifiers that are addressed in \n JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n Advisory of April 2014. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning Replace with/\n Product Version\ton Apply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 any 5.5 Update 2\n vCenter Server 5.1 any not applicable *\n vCenter Server 5.0 any not applicable *\n vCenter Update Manager 5.5 any 5.5 Update 2\n vCenter Update Manager 5.1 any not applicable *\n vCenter Update Manager 5.0 any not applicable *\n \n * this product uses the Oracle JRE 1.6.0 family *\n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n \n vCenter Server and Update Manager 5.5u2\n ---------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vsphere\n\n ESXi 5.5\n --------\n Download:\n https://www.vmware.com/patchmgr/findPatch.portal\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\n\n JRE\n ---\n Oracle Java SE Critical Patch Update Advisory of April 2014\n \nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-09-09 VMSA-2014-0008\n Initial security advisory in conjunction with the release of vSphere\n 5.5 Update 2 on 2014-09-09. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n - CVE-2015-5652 - Python, elevation of privilege\n - CVE-2013-6429 - Spring Framework, cross-site request forgery\n - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2013-6429\n 6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0050\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0107\n 8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0114\n 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-3253\n 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2015-5652\n 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n CVE-2016-0763\n 6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n * Apache Struts: KM02553983 (CVE-2014-0114):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n * Python: KM02553997 (CVE-2015-5652):\n\n *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n * Spring Framework: KM02553998 (CVE-2013-6429):\n\n +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. By repeatedly sending a request \n for an authenticated resource while the victim is completing the login \n form, an attacker could inject a request that would be executed using the \n victim\u0027s credentials. \n\nCVE-2013-2071\n\n A runtime exception in AsyncListener.onComplete() prevents the request from \n being recycled. This may expose elements of a previous request to a current \n request. \n\nCVE-2013-4322\n\n When processing a request submitted using the chunked transfer encoding, \n Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount \n of data to the server. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1. \n\nWe recommend that you upgrade your tomcat7 packages. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager\napplication, access to that functionality is limited to authenticated\nadministrators. \nThis issue was reported responsibly to the Apache Software Foundation\nvia JPCERT but an error in addressing an e-mail led to the unintended\nearly disclosure of this issue[1]. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\n- - Apply the appropriate patch\n - Commons FileUpload: http://svn.apache.org/r1565143\n - Tomcat 8: http://svn.apache.org/r1565163\n - Tomcat 7: http://svn.apache.org/r1565169\n- - Limit the size of the Content-Type header to less than 4091 bytes\n\nCredit:\nThis issue was reported to the Apache Software Foundation via JPCERT. \n \n Additionally a build problem with maven was discovered, fixed maven\n packages is also being provided with this advisory. \n\nReferences:\n\n - CVE-2009-5028 - Namazu Remote Denial of Service\n - CVE-2011-4345 - Namazu Cross-site Scripting\n - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n - CVE-2017-5787 - DoS - LINUX VCRM\n - CVE-2016-8517 - SIM\n - CVE-2016-8516 - SIM\n - CVE-2016-8518 - SIM\n - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID: RHSA-2014:0400-03\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date: 2014-04-14\nCVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590). The verification\n of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides\norganizations with a single deployment platform for Java Server Pages (JSP)\nand Java Servlet technologies, PHP, and CGI. It uses a genuine high\nperformance hybrid technology that incorporates the best of the most recent\nOS technologies for processing high volume data, while keeping all the\nreference Java specifications. \n\nApache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to servlets and web applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 2.7
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0050",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN14876762",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-015",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-017",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-016",
"trust": 1.4
},
{
"db": "BID",
"id": "65400",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "127215",
"trust": 1.2
},
{
"db": "SECUNIA",
"id": "59232",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59185",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59187",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59039",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59500",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59184",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60475",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59041",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58075",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58976",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59492",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59725",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60753",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57915",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS14-008",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "31615",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126007",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125687",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125109",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126754",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126052",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126404",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"id": "VAR-201404-0585",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41471650857142855
},
"last_update_date": "2026-03-09T21:05:21.141000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-312",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
},
{
"title": "Amazon Linux AMI: ALAS-2014-344",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
},
{
"title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Shiverino/NPE2223 "
},
{
"title": "cve-2014-0050",
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050 "
},
{
"title": "victims-version-search",
"trust": 0.1,
"url": "https://github.com/adedov/victims-version-search "
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "CDL",
"trust": 0.1,
"url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
},
{
"title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
"trust": 0.1,
"url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
},
{
"trust": 1.4,
"url": "http://jvn.jp/en/jp/jvn14876762/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
},
{
"trust": 1.3,
"url": "http://advisories.mageia.org/mgasa-2014-0110.html"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.2,
"url": "http://svn.apache.org/r1565143"
},
{
"trust": 1.2,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
},
{
"trust": 1.1,
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57915"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58976"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59232"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59500"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58075"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59187"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59041"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59185"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59492"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65400"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59039"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59725"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59399"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59184"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60475"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60753"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2130-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100179973"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/feb/41"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/jun/151"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
},
{
"trust": 0.3,
"url": "https://launchpad.support.sap.com/#/notes/2629535"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.3,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.3,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
},
{
"trust": 0.2,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.2,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/shiverino/npe2223"
},
{
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/31615/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2130-1/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=securitypatches\u0026version=6.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0149.html"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0109.html"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565163"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/r1565169"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://markmail.org/message/kpfl7ax4el2owb3o"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2081470"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vcops"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com\u003e."
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0242"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1914"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0242"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/patchmgr/findpatch.portal"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/download-vsphere"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "PACKETSTORM",
"id": "126007"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "125687"
},
{
"db": "PACKETSTORM",
"id": "125109"
},
{
"db": "PACKETSTORM",
"id": "126754"
},
{
"db": "PACKETSTORM",
"id": "125119"
},
{
"db": "PACKETSTORM",
"id": "127215"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "126052"
},
{
"db": "PACKETSTORM",
"id": "126404"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "128211"
},
{
"db": "PACKETSTORM",
"id": "129553"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"db": "BID",
"id": "65400",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2014-02-06T00:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2014-04-03T14:56:00",
"db": "PACKETSTORM",
"id": "126007",
"ident": null
},
{
"date": "2015-03-30T21:20:12",
"db": "PACKETSTORM",
"id": "131089",
"ident": null
},
{
"date": "2014-04-14T22:28:46",
"db": "PACKETSTORM",
"id": "126144",
"ident": null
},
{
"date": "2014-05-22T01:43:07",
"db": "PACKETSTORM",
"id": "126746",
"ident": null
},
{
"date": "2017-02-15T00:39:05",
"db": "PACKETSTORM",
"id": "141092",
"ident": null
},
{
"date": "2014-03-13T21:19:37",
"db": "PACKETSTORM",
"id": "125687",
"ident": null
},
{
"date": "2014-02-07T04:32:05",
"db": "PACKETSTORM",
"id": "125109",
"ident": null
},
{
"date": "2014-05-22T01:44:32",
"db": "PACKETSTORM",
"id": "126754",
"ident": null
},
{
"date": "2014-02-10T23:22:06",
"db": "PACKETSTORM",
"id": "125119",
"ident": null
},
{
"date": "2014-06-25T21:34:12",
"db": "PACKETSTORM",
"id": "127215",
"ident": null
},
{
"date": "2017-01-19T13:56:50",
"db": "PACKETSTORM",
"id": "140605",
"ident": null
},
{
"date": "2014-04-08T21:21:55",
"db": "PACKETSTORM",
"id": "126052",
"ident": null
},
{
"date": "2014-05-01T02:11:10",
"db": "PACKETSTORM",
"id": "126404",
"ident": null
},
{
"date": "2016-11-15T00:42:48",
"db": "PACKETSTORM",
"id": "139721",
"ident": null
},
{
"date": "2014-09-11T21:08:01",
"db": "PACKETSTORM",
"id": "128211",
"ident": null
},
{
"date": "2014-12-15T20:00:49",
"db": "PACKETSTORM",
"id": "129553",
"ident": null
},
{
"date": "2014-04-01T06:27:51.373000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050",
"ident": null
},
{
"date": "2018-07-12T06:00:00",
"db": "BID",
"id": "65400",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0050",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126746"
},
{
"db": "PACKETSTORM",
"id": "141092"
},
{
"db": "PACKETSTORM",
"id": "126754"
}
],
"trust": 0.4
},
"title": {
"_id": null,
"data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
}
}
VAR-201708-0348
Vulnerability from variot - Updated: 2025-04-20 23:36Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. ArubaNetworksClearPassPolicyManager (CPPM) is a BYOD (bring your own device) network access control policy implementation platform from Aruba Networks. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker can exploit this vulnerability to gain access
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "BID",
"id": "100597"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "100597"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3656",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-26320",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2015-3656",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3656",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3656",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26320",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1339",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. ArubaNetworksClearPassPolicyManager (CPPM) is a BYOD (bring your own device) network access control policy implementation platform from Aruba Networks. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker can exploit this vulnerability to gain access",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3656"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "BID",
"id": "100597"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3656",
"trust": 3.3
},
{
"db": "BID",
"id": "100597",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26320",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "BID",
"id": "100597"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"id": "VAR-201708-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
}
]
},
"last_update_date": "2025-04-20T23:36:48.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability (CNVD-2017-26320)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102011"
},
{
"title": "Aruba Networks ClearPass Policy Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74476"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-285",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100597"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3656"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3656"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "BID",
"id": "100597"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"db": "BID",
"id": "100597"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100597"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"date": "2017-08-29T15:29:00.300000",
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26320"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100597"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007791"
},
{
"date": "2017-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1339"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-3656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Authorization vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007791"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1339"
}
],
"trust": 0.6
}
}
VAR-201708-0349
Vulnerability from variot - Updated: 2025-04-20 23:35Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to gain super administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "BID",
"id": "100600"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "100600"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3657",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-26318",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2015-3657",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3657",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3657",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1338",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain \"Super Admin\" privileges via unspecified vectors. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to gain super administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3657"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "BID",
"id": "100600"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3657",
"trust": 3.3
},
{
"db": "BID",
"id": "100600",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26318",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "BID",
"id": "100600"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"id": "VAR-201708-0349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
}
]
},
"last_update_date": "2025-04-20T23:35:47.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability (CNVD-2017-26318)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102001"
},
{
"title": "Aruba Networks ClearPass Policy Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74475"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100600"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3657"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3657"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/products/clearpass/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "BID",
"id": "100600"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"db": "BID",
"id": "100600"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100600"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"date": "2017-08-29T15:29:00.330000",
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26318"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100600"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007792"
},
{
"date": "2017-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1338"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-3657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007792"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1338"
}
],
"trust": 0.6
}
}
VAR-201708-0271
Vulnerability from variot - Updated: 2025-04-20 23:32Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. This vulnerability CVE-2015-3654 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "BID",
"id": "100539"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Fleming of Mission Critical Systems.",
"sources": [
{
"db": "BID",
"id": "100539"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-4649",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-26317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2015-4649",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4649",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4649",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26317",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1337",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. This vulnerability CVE-2015-3654 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4649"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "BID",
"id": "100539"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4649",
"trust": 3.3
},
{
"db": "BID",
"id": "100539",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26317",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "BID",
"id": "100539"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"id": "VAR-201708-0271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
}
]
},
"last_update_date": "2025-04-20T23:32:51.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability (CNVD-2017-26317)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101983"
},
{
"title": "Aruba Networks ClearPass Policy Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74474"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100539"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4649"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4649"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "BID",
"id": "100539"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"db": "BID",
"id": "100539"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100539"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"date": "2017-08-29T15:29:00.363000",
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26317"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100539"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007793"
},
{
"date": "2017-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1337"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-4649"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007793"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1337"
}
],
"trust": 0.6
}
}
VAR-201708-0346
Vulnerability from variot - Updated: 2025-04-20 23:30Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. This vulnerability CVE-2015-4649 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0346",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "BID",
"id": "100602"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "100602"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3654",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-26319",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2015-3654",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3654",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3654",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26319",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1341",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. This vulnerability CVE-2015-4649 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3654"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "BID",
"id": "100602"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3654",
"trust": 3.3
},
{
"db": "BID",
"id": "100602",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26319",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "BID",
"id": "100602"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"id": "VAR-201708-0346",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
}
]
},
"last_update_date": "2025-04-20T23:30:54.018000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "Patch for ArubaNetworksClearPassPolicyManager Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102016"
},
{
"title": "Aruba Networks ClearPass Policy Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74478"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100602"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3654"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3654"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "BID",
"id": "100602"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"db": "BID",
"id": "100602"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100602"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"date": "2017-08-29T15:29:00.237000",
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26319"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100602"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007789"
},
{
"date": "2017-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1341"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-3654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007789"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1341"
}
],
"trust": 0.6
}
}
VAR-201708-0345
Vulnerability from variot - Updated: 2025-04-20 23:22Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to overwrite any file in the underlying operating system, causing a denial of service or gaining access. Remote attackers can exploit this issue to gain elevated privileges. Failed exploits may result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 1.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass",
"scope": "lte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "BID",
"id": "100593"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown.",
"sources": [
{
"db": "BID",
"id": "100593"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3653",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-26328",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2015-3653",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3653",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3653",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26328",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1342",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. Aruba Networks ClearPass Policy Manager Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Security vulnerabilities existed in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to overwrite any file in the underlying operating system, causing a denial of service or gaining access. \nRemote attackers can exploit this issue to gain elevated privileges. Failed exploits may result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "BID",
"id": "100593"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3653",
"trust": 3.3
},
{
"db": "BID",
"id": "100593",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26328",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "BID",
"id": "100593"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"id": "VAR-201708-0345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
}
]
},
"last_update_date": "2025-04-20T23:22:15.100000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "ArubaNetworksClearPassPolicyManager patch for arbitrary file write vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102027"
},
{
"title": "Aruba Networks ClearPass Policy Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100593"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3653"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3653"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "BID",
"id": "100593"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"db": "BID",
"id": "100593"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100593"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"date": "2017-08-29T15:29:00.190000",
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26328"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100593"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007788"
},
{
"date": "2017-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1342"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-3653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007788"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1342"
}
],
"trust": 0.6
}
}
VAR-201708-0347
Vulnerability from variot - Updated: 2025-04-20 23:04Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. ArubaNetworksClearPassPolicyManager (CPPM) is a BYOD (bring your own device) network access control policy implementation platform from Aruba Networks. A cross-site request forgery vulnerability exists in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0347",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearpass",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.7"
},
{
"model": "clearpass",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.0"
},
{
"model": "clearpass",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0"
},
{
"model": "clearpass",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 0.8,
"vendor": "aruba",
"version": "6.5.x"
},
{
"model": "networks clearpass policy manager",
"scope": "lt",
"trust": 0.6,
"vendor": "aruba",
"version": "6.4.7"
},
{
"model": "networks clearpass policy manager",
"scope": "eq",
"trust": 0.6,
"vendor": "aruba",
"version": "6.5.*\u003c6.5.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.6,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.5"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.4"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.3"
},
{
"model": "clearpass policy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.5.2"
},
{
"model": "clearpass policy manager",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "BID",
"id": "100594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:arubanetworks:clearpass_policy_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "100594"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-3655",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-26327",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-3655",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-3655",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3655",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3655",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1340",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-3655",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. ArubaNetworksClearPassPolicyManager (CPPM) is a BYOD (bring your own device) network access control policy implementation platform from Aruba Networks. A cross-site request forgery vulnerability exists in versions prior to ArubaNetworksCPPM 6.4.7 and in versions 6.5.x prior to 6.5.2. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3655"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "BID",
"id": "100594"
},
{
"db": "VULMON",
"id": "CVE-2015-3655"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3655",
"trust": 3.4
},
{
"db": "BID",
"id": "100594",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-26327",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-3655",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"db": "BID",
"id": "100594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"id": "VAR-201708-0347",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
}
],
"trust": 1.3477272999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
}
]
},
"last_update_date": "2025-04-20T23:04:38.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ARUBA-PSA-2015-009",
"trust": 0.8,
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-009.txt"
},
{
"title": "Patch for ArubaNetworksClearPassPolicyManager Cross-site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102024"
},
{
"title": "Aruba Networks ClearPass Policy Manager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74477"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2015-009.txt"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/100594"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3655"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3655"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"db": "BID",
"id": "100594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"db": "BID",
"id": "100594"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100594"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"date": "2017-08-29T15:29:00.267000",
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"date": "2020-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3655"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100594"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007790"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1340"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-3655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aruba Networks ClearPass Policy Manager Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26327"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1340"
}
],
"trust": 0.6
}
}
VAR-201404-0287
Vulnerability from variot - Updated: 2025-04-13 22:09CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struts",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "connections",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "connections",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 2.3.16"
},
{
"model": "mysql",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "enterprise monitor 3.0.10"
},
{
"model": "esmpro/servermanager",
"scope": "lte",
"trust": 0.8,
"vendor": "nec",
"version": "ver5.75"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "pc security"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "security risk management v1.0.0 to v2.1.3"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager enterprise v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager lite v2.0"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "rfid manager standard v2.0"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v6.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v5.1 to v5.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v6.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"v8.2 to v8.4 (with developers studio only )\""
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"v9.1 to v9.2 (with developers studio only )\""
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.3 to v8.4"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v9.1"
},
{
"model": "integrated system ha database ready",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "business analytics modeling server"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "business process manager analytics"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "extreme transaction processing server"
},
{
"model": "interstage",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "mobile manager"
},
{
"model": "interstage application development cycle manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage service integrator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "serverview",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "resource orchestrator"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "analytics server"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "server"
},
{
"model": "systemwalker service catalog manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker service quality coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker software configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "triole",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "cloud middle set b set"
},
{
"model": "cloud infrastructure management software",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.4.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.3"
},
{
"model": "keybox",
"scope": "eq",
"trust": 0.3,
"vendor": "skavanagh",
"version": "2.10.02"
},
{
"model": "ec2box",
"scope": "eq",
"trust": 0.3,
"vendor": "skavanagh",
"version": "0.11.01"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "sterling web channel",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling web channel",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sterling order management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "sterling field sales",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "platform symphony",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "platform hpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "platform cluster manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.1"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "platform application center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.10"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "keybox",
"scope": "ne",
"trust": 0.3,
"vendor": "skavanagh",
"version": "2.10.03"
},
{
"model": "ec2box",
"scope": "ne",
"trust": 0.3,
"vendor": "skavanagh",
"version": "0.11.02"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.2"
}
],
"sources": [
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:connections",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:mysql",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infocage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:serverview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:symfoware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:triole",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.",
"sources": [
{
"db": "BID",
"id": "67081"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0113",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0113",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-570",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0113",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "VULMON",
"id": "CVE-2014-0113"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0113",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "59178",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570",
"trust": 0.6
},
{
"db": "BID",
"id": "67081",
"trust": 0.3
},
{
"db": "EXPLOITDB",
"id": "33142",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"id": "VAR-201404-0287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1875
},
"last_update_date": "2025-04-13T22:09:03.444000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletins S2-021",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/WW/S2-021"
},
{
"title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
"trust": 0.8,
"url": "http://struts.apache.org/download.cgi#struts23162"
},
{
"title": "1680848",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"title": "1681190",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
},
{
"title": "NV15-001",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
},
{
"title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
},
{
"title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
},
{
"title": "struts-2.3.16.2-all",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668"
},
{
"title": "Red Hat: CVE-2014-0113",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
},
{
"trust": 1.7,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59178"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02"
},
{
"trust": 0.3,
"url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/development/2.x/docs/s2-021.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/33142/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"db": "BID",
"id": "67081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"date": "2014-04-28T00:00:00",
"db": "BID",
"id": "67081"
},
{
"date": "2014-04-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"date": "2014-04-29T10:37:03.700000",
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0113"
},
{
"date": "2015-05-07T17:38:00",
"db": "BID",
"id": "67081"
},
{
"date": "2016-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002269"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-570"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0113"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-570"
}
],
"trust": 0.6
}
}
CVE-2021-29141 (GCVE-0-2021-29141)
Vulnerability from nvd – Published: 2021-04-29 13:30 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:30:59.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29141",
"datePublished": "2021-04-29T13:30:59.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29139 (GCVE-0-2021-29139)
Vulnerability from nvd – Published: 2021-04-29 13:16 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:16:56.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29139",
"datePublished": "2021-04-29T13:16:56.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29142 (GCVE-0-2021-29142)
Vulnerability from nvd – Published: 2021-04-29 12:08 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:08:56.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29142",
"datePublished": "2021-04-29T12:08:56.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29140 (GCVE-0-2021-29140)
Vulnerability from nvd – Published: 2021-04-29 12:19 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity (xxe)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity (xxe)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:19:12.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity (xxe)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29140",
"datePublished": "2021-04-29T12:19:12.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29138 (GCVE-0-2021-29138)
Vulnerability from nvd – Published: 2021-04-29 12:25 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of privileged information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of privileged information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:25:07.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of privileged information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29138",
"datePublished": "2021-04-29T12:25:07.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29147 (GCVE-0-2021-29147)
Vulnerability from nvd – Published: 2021-04-29 11:58 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote arbitray command execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitray command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:58:09.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitray command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29147",
"datePublished": "2021-04-29T11:58:09.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29146 (GCVE-0-2021-29146)
Vulnerability from nvd – Published: 2021-04-29 11:21 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:21:28.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29146",
"datePublished": "2021-04-29T11:21:28.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29145 (GCVE-0-2021-29145)
Vulnerability from nvd – Published: 2021-04-29 11:31 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote server side request forgery (ssrf), remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote server side request forgery (ssrf), remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:31:10.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote server side request forgery (ssrf), remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29145",
"datePublished": "2021-04-29T11:31:10.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29144 (GCVE-0-2021-29144)
Vulnerability from nvd – Published: 2021-04-29 11:52 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:52:26.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29144",
"datePublished": "2021-04-29T11:52:27.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7114 (GCVE-0-2020-7114)
Vulnerability from nvd – Published: 2020-04-16 16:14 – Updated: 2024-08-04 09:18
VLAI?
Summary
A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
Severity ?
No CVSS data available.
CWE
- network database compromise
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClearPass Policy Manager |
Affected:
ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists allowing attackers, when present in the same network segment as ClearPass\u0027 management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "network database compromise",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T16:14:06.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists allowing attackers, when present in the same network segment as ClearPass\u0027 management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. As a result of this attack, a possible complete cluster compromise might occur. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "network database compromise"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7114",
"datePublished": "2020-04-16T16:14:06.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7113 (GCVE-0-2020-7113)
Vulnerability from nvd – Published: 2020-04-16 16:14 – Updated: 2024-08-04 09:18
VLAI?
Summary
A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher.
Severity ?
No CVSS data available.
CWE
- interception and modification of http packets
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClearPass Policy Manager |
Affected:
ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass\u0027 service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "interception and modification of http packets",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T16:14:37.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass\u0027 service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "interception and modification of http packets"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7113",
"datePublished": "2020-04-16T16:14:37.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7111 (GCVE-0-2020-7111)
Vulnerability from nvd – Published: 2020-04-16 16:14 – Updated: 2024-08-04 09:18
VLAI?
Summary
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
Severity ?
No CVSS data available.
CWE
- server side injection leading to remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClearPass Policy Manager |
Affected:
ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "server side injection leading to remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T16:14:16.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "server side injection leading to remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7111",
"datePublished": "2020-04-16T16:14:16.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7110 (GCVE-0-2020-7110)
Vulnerability from nvd – Published: 2020-04-16 16:14 – Updated: 2024-08-04 09:18
VLAI?
Summary
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
Severity ?
No CVSS data available.
CWE
- persisted cross site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ClearPass Policy Manager |
Affected:
ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:03.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "persisted cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T16:14:49.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2020-7110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "ClearPass 6.8.x prior to 6.8.5 ClearPass 6.7.x prior to 6.7.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "persisted cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-004.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2020-7110",
"datePublished": "2020-04-16T16:14:49.000Z",
"dateReserved": "2020-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:03.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29141 (GCVE-0-2021-29141)
Vulnerability from cvelistv5 – Published: 2021-04-29 13:30 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:30:59.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29141",
"datePublished": "2021-04-29T13:30:59.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29139 (GCVE-0-2021-29139)
Vulnerability from cvelistv5 – Published: 2021-04-29 13:16 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T13:16:56.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29139",
"datePublished": "2021-04-29T13:16:56.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29138 (GCVE-0-2021-29138)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:25 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of privileged information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of privileged information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:25:07.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of privileged information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29138",
"datePublished": "2021-04-29T12:25:07.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29140 (GCVE-0-2021-29140)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:19 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote xml external entity (xxe)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote xml external entity (xxe)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:19:12.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote xml external entity (xxe)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29140",
"datePublished": "2021-04-29T12:19:12.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29142 (GCVE-0-2021-29142)
Vulnerability from cvelistv5 – Published: 2021-04-29 12:08 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T12:08:56.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29142",
"datePublished": "2021-04-29T12:08:56.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29147 (GCVE-0-2021-29147)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:58 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote arbitray command execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote arbitray command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:58:09.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitray command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29147",
"datePublished": "2021-04-29T11:58:09.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29144 (GCVE-0-2021-29144)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:52 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote disclosure of sensitive information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote disclosure of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:52:26.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29144",
"datePublished": "2021-04-29T11:52:27.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29145 (GCVE-0-2021-29145)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:31 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote server side request forgery (ssrf), remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote server side request forgery (ssrf), remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:31:10.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote server side request forgery (ssrf), remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29145",
"datePublished": "2021-04-29T11:31:10.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29146 (GCVE-0-2021-29146)
Vulnerability from cvelistv5 – Published: 2021-04-29 11:21 – Updated: 2024-08-03 22:02
VLAI?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
Severity ?
No CVSS data available.
CWE
- remote cross site scripting (xss)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Aruba ClearPass Policy Manager |
Affected:
Prior to 6.9.5, 6.8.9, 6.7.14-HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:50.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba ClearPass Policy Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote cross site scripting (xss)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T11:21:28.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2021-29146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba ClearPass Policy Manager",
"version": {
"version_data": [
{
"version_value": "Prior to 6.9.5, 6.8.9, 6.7.14-HF1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote cross site scripting (xss)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt",
"refsource": "MISC",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-009.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2021-29146",
"datePublished": "2021-04-29T11:21:28.000Z",
"dateReserved": "2021-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:50.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}