Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-25649 (GCVE-0-2020-25649)
Vulnerability from cvelistv5 – Published: 2020-12-03 16:16 – Updated: 2024-08-04 15:40
VLAI
EPSS
Summary
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Severity
No CVSS data available.
CWE
Assigner
References
71 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | jackson-databind |
Affected:
jackson-databind-2.11.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jackson-databind",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "jackson-databind-2.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:15:31.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "jackson-databind-2.11.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2589",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25649",
"datePublished": "2020-12-03T16:16:50.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-25649",
"date": "2026-05-29",
"epss": "0.00075",
"percentile": "0.2257"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-25649\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-03T17:15:12.503\",\"lastModified\":\"2024-11-21T05:18:20.343\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en FasterXML Jackson Databind, donde no ten\u00eda la expansi\u00f3n de entidad asegurada apropiadamente. Este fallo permite una vulnerabilidad a ataques de tipo XML external entity (XXE). La mayor amenaza de esta vulnerabilidad es la integridad de los datos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.0\",\"versionEndExcluding\":\"2.6.7.4\",\"matchCriteriaId\":\"2C23395F-4438-4B80-9DA6-87E760F7459A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.10.7\",\"matchCriteriaId\":\"7703D07D-5784-47D1-9391-D376A24D7C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.5.1\",\"matchCriteriaId\":\"28C07803-813B-4AAC-9C08-9EB83756F16B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7081652A-D28B-494E-94EF-CA88117F23EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.1\",\"matchCriteriaId\":\"ADFFB9C4-DE43-4ADC-B1C7-6F034741D9C3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.12.0\",\"matchCriteriaId\":\"8C798AD5-AAF5-4044-B348-336F4CFA86CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*\",\"matchCriteriaId\":\"5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.1\",\"versionEndIncluding\":\"18.3\",\"matchCriteriaId\":\"6DF2D056-3118-4C31-BEDD-69F016898CBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F03B63-F922-45CD-A7D1-326DB0042875\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CBFC93F-8B39-45A2-981C-59B187169BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0843465C-F940-4FFC-998D-9A2668B75EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"282150FF-C945-4A3E-8A80-E8757A8907EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBCE22C0-4253-40A5-89AE-499A3BC9EFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180F3D2A-7E7A-4DE9-9792-942CB3D6B51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA64A1D-34F9-4441-857A-25C165E6DBB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.3.2\",\"matchCriteriaId\":\"F012E976-E219-46C2-8177-60ED859594BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB1BC31C-6016-42A8-9517-2FBBC92620CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4012B512-DB7D-476A-93A6-51054DD6E3D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A94B36-479F-48F2-9B9E-ACEA2589EF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E23F2E-6733-45AF-9BD9-1A600BD278C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E812639B-EE28-4C68-9F6F-70C8BF981C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28AD22B9-A037-419C-8D72-8B062E6882FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23B00C1-878A-4B55-B87B-EFFFA6A5E622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28F42F0-FBDA-4574-AD30-7A04F27FEA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2051BA9E-E635-47D5-B942-8AC26E9487CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EA81FC1-63E1-479F-941C-930351E43010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"1DDB3D8B-1D04-4345-BB27-723186719CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F89EC4B-6D34-40F0-B7C6-C03D03F81C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"5DEAB5CD-4223-4A43-AB9E-486113827A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E25293-CB03-44CE-A8ED-04B3A0487A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"A0A366B8-1B5C-4C9E-A761-1AB1547D7404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"4BCA7DD9-8599-4E43-9D82-999BE15483B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"6951D244-845C-4BF2-AC75-F226B0C39C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.11\",\"matchCriteriaId\":\"53E2276C-9515-46F6-A621-213A3047B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.10\",\"matchCriteriaId\":\"3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A932C79-8646-4023-9C12-9C7A2A6840EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702EBED-DB39-4084-84B1-258BC5FE7545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE71EA5-B315-4F1E-BFEE-EC426B562F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B2C44-CECD-4551-B04F-4076D0E053C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E39D5C-5EFA-4FEB-909E-0A92004F2563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5BBA303-8D2B-48C5-B52A-4E192166699C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E819270D-AA7D-4B0E-990B-D25AB6E46FBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569C0BD-16C1-441E-BAEB-840C94BE73EF\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2589\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210108-0007/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1887664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/2589\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210108-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0556
Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0 | ||
| VMware | Tanzu | Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à1.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Text versions antérieures à 4.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.3.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0 | ||
| VMware | Tanzu | Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.3 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Upgrade versions antérieures à 2.0.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplumversions antérieures à 7.8.0 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Vector Database versions antérieures à 1.2.2 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.33.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0 | ||
| VMware | Tanzu | Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11 | ||
| VMware | Tanzu | Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu RabbitMQ on Kubernetes versions 31.3.x ant\u00e9rieures \u00e0 3.13.15",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server For Kubernetes versions ant\u00e9rieures \u00e0 1.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Flow on Kubernetes versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e01.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.9.3",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.3.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 6.17.x ant\u00e9rieures \u00e0 6.17.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum on Kubernetes versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Text versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.3.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for Valkey on Kubernetes versions ant\u00e9rieures \u00e0 3.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": " Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Upgrade versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplumversions ant\u00e9rieures \u00e0 7.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Vector Database versions ant\u00e9rieures \u00e0 1.2.2",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.33.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions 7.7.x ant\u00e9rieures \u00e0 7.7.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu RabbitMQ on Kubernetes versions 4.1.x ant\u00e9rieures \u00e0 4.1.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu for MySQL on Kubernetes versions ant\u00e9rieures \u00e0 2.0.3\n",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2025-69534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69534"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2025-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3264"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2020-26939",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26939"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2025-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53042"
},
{
"name": "CVE-2026-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4878"
},
{
"name": "CVE-2026-35238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35238"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2026-27205",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2026-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32990"
},
{
"name": "CVE-2022-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30973"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2026-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1669"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2021-27906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27906"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-34267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34267"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2020-13956",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
},
{
"name": "CVE-2026-35239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35239"
},
{
"name": "CVE-2026-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3497"
},
{
"name": "CVE-2025-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53062"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2026-0897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0897"
},
{
"name": "CVE-2025-5197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5197"
},
{
"name": "CVE-2026-34271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34271"
},
{
"name": "CVE-2019-10094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10094"
},
{
"name": "CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2026-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3446"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2022-24613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24613"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-22701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
},
{
"name": "CVE-2026-34270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34270"
},
{
"name": "CVE-2026-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34303"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2953"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2025-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3933"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2018-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8036"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2026-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22009"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2026-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21998"
},
{
"name": "CVE-2019-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17558"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-15367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-35236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35236"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2026-35237",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35237"
},
{
"name": "CVE-2014-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0114"
},
{
"name": "CVE-2026-33236",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33236"
},
{
"name": "CVE-2022-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32287"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22017"
},
{
"name": "CVE-2022-26336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26336"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2018-1338",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1338"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2021-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29262"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2024-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"name": "CVE-2026-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
},
{
"name": "CVE-2026-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3479"
},
{
"name": "CVE-2024-52012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52012"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2026-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39883"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2019-10088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10088"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1839"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-34515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-34519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
},
{
"name": "CVE-2018-11797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11797"
},
{
"name": "CVE-2026-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22022"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2026-34304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34304"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2024-21742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21742"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2018-8017",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8017"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2017-15691",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15691"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2026-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22002"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-34518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2018-17197",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17197"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-62813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62813"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2026-34308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34308"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2020-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1945"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2025-68146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-3730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3730"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-34525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2026-32274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32274"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-35240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35240"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2026-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22004"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2018-1324",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1324"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2026-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22001"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2025-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3263"
},
{
"name": "CVE-2025-12818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2026-4539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31812"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2025-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
},
{
"name": "CVE-2025-13462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6051"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-53069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53069"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2025-66034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66034"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53044"
},
{
"name": "CVE-2026-3298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3298"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2026-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2026-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22015"
},
{
"name": "CVE-2025-12817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2026-23949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31672"
},
{
"name": "CVE-2018-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11761"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2018-11771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11771"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2018-1335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1335"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"name": "CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2018-11762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11762"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-2297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53054"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2026-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22005"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2016-1000340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000340"
},
{
"name": "CVE-2026-34516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
},
{
"name": "CVE-2026-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2022-31159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-34517",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2018-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1339"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2025-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53040"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2026-34278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34278"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2026-34513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-34514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2025-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53045"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2099"
},
{
"name": "CVE-2025-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1194"
},
{
"name": "CVE-2025-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6638"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2017-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3164"
},
{
"name": "CVE-2026-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41066"
},
{
"name": "CVE-2026-34520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
},
{
"name": "CVE-2025-53053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53053"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2026-24880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24880"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
},
{
"name": "CVE-2026-0672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
},
{
"name": "CVE-2017-7669",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7669"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
},
{
"name": "CVE-2019-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0193"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-33231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33231"
},
{
"name": "CVE-2022-30126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30126"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2025-6921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6921"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2026-34276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34276"
},
{
"name": "CVE-2022-24614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24614"
},
{
"name": "CVE-2026-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
},
{
"name": "CVE-2020-13959",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13959"
},
{
"name": "CVE-2025-24814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24814"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2026-33230",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33230"
},
{
"name": "CVE-2021-31811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31811"
},
{
"name": "CVE-2021-27807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27807"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1462"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2026-34293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34293"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2018-11802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11802"
},
{
"name": "CVE-2025-3777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3777"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2018-11796",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11796"
},
{
"name": "CVE-2020-13957",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13957"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2018-1000632",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0556",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37451",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37445",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37460",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37449",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37450",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37468",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37444",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37461",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware DSA-2016-11",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37446",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37446"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37465",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37465"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37448",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37448"
},
{
"published_at": "2026-05-06",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37447",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37447"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37463",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37463"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37452",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37452"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37462",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37462"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37464",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37464"
}
]
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
FKIE_CVE-2020-25649
Vulnerability from fkie_nvd - Published: 2020-12-03 17:15 - Updated: 2024-11-21 05:18
Severity
Summary
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/FasterXML/jackson-databind/issues/2589 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E | ||
| secalert@redhat.com | https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/ | ||
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210108-0007/ | Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FasterXML/jackson-databind/issues/2589 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210108-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| fasterxml | jackson-databind | * | |
| netapp | oncommand_api_services | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | service_level_manager | - | |
| fedoraproject | fedora | 32 | |
| quarkus | quarkus | * | |
| apache | iotdb | * | |
| oracle | agile_plm | 9.3.6 | |
| oracle | agile_product_lifecycle_management_integration_pack | 3.6 | |
| oracle | banking_apis | * | |
| oracle | banking_apis | 19.1 | |
| oracle | banking_apis | 19.2 | |
| oracle | banking_apis | 20.1 | |
| oracle | banking_apis | 21.1 | |
| oracle | banking_platform | 2.6.2 | |
| oracle | banking_platform | 2.7.0 | |
| oracle | banking_platform | 2.7.1 | |
| oracle | banking_platform | 2.8.0 | |
| oracle | banking_platform | 2.9.0 | |
| oracle | banking_platform | 2.10.0 | |
| oracle | banking_treasury_management | 4.4 | |
| oracle | blockchain_platform | * | |
| oracle | coherence | 12.2.1.4.0 | |
| oracle | coherence | 14.1.1.0.0 | |
| oracle | commerce_platform | * | |
| oracle | commerce_platform | 11.2.0 | |
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | communications_cloud_native_core_unified_data_repository | 1.4.0 | |
| oracle | communications_convergent_charging_controller | 12.0.4.0.0 | |
| oracle | communications_evolved_communications_application_server | 7.1 | |
| oracle | communications_instant_messaging_server | 10.0.1.5.0 | |
| oracle | communications_interactive_session_recorder | 6.3 | |
| oracle | communications_interactive_session_recorder | 6.4 | |
| oracle | communications_network_charging_and_control | 12.0.4.0.0 | |
| oracle | communications_offline_mediation_controller | 12.0.0.3 | |
| oracle | communications_pricing_design_center | 12.0.0.4.0 | |
| oracle | communications_services_gatekeeper | 7.0 | |
| oracle | communications_unified_inventory_management | 7.4.1 | |
| oracle | goldengate_application_adapters | 19.1.0.0.0 | |
| oracle | health_sciences_empirica_signal | 9.0 | |
| oracle | health_sciences_empirica_signal | 9.1 | |
| oracle | insurance_policy_administration | * | |
| oracle | insurance_policy_administration | 11.0.2 | |
| oracle | insurance_rules_palette | * | |
| oracle | insurance_rules_palette | 11.0.2 | |
| oracle | jd_edwards_enterpriseone_orchestrator | * | |
| oracle | jd_edwards_enterpriseone_tools | * | |
| oracle | primavera_gateway | * | |
| oracle | primavera_gateway | * | |
| oracle | primavera_gateway | * | |
| oracle | primavera_gateway | * | |
| oracle | primavera_gateway | 20.12.0 | |
| oracle | retail_service_backbone | 14.1.3.2 | |
| oracle | retail_service_backbone | 15.0.3.1 | |
| oracle | retail_service_backbone | 16.0.3 | |
| oracle | retail_xstore_point_of_service | 16.0.6 | |
| oracle | retail_xstore_point_of_service | 17.0.4 | |
| oracle | retail_xstore_point_of_service | 18.0.3 | |
| oracle | retail_xstore_point_of_service | 19.0.2 | |
| oracle | retail_xstore_point_of_service | 20.0.1 | |
| oracle | sd-wan_edge | 9.0 | |
| oracle | utilities_framework | 4.3.0.5.0 | |
| oracle | utilities_framework | 4.3.0.6.0 | |
| oracle | utilities_framework | 4.4.0.0.0 | |
| oracle | utilities_framework | 4.4.0.2.0 | |
| oracle | utilities_framework | 4.4.0.3.0 | |
| oracle | webcenter_portal | 12.2.1.3.0 | |
| oracle | webcenter_portal | 12.2.1.4.0 | |
| oracle | communications_messaging_server | 8.0.2 | |
| oracle | communications_messaging_server | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C23395F-4438-4B80-9DA6-87E760F7459A",
"versionEndExcluding": "2.6.7.4",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7703D07D-5784-47D1-9391-D376A24D7C5A",
"versionEndExcluding": "2.9.10.7",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28C07803-813B-4AAC-9C08-9EB83756F16B",
"versionEndExcluding": "2.10.5.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFFB9C4-DE43-4ADC-B1C7-6F034741D9C3",
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C798AD5-AAF5-4044-B348-336F4CFA86CF",
"versionEndExcluding": "0.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "180F3D2A-7E7A-4DE9-9792-942CB3D6B51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1BC31C-6016-42A8-9517-2FBBC92620CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4012B512-DB7D-476A-93A6-51054DD6E3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28AD22B9-A037-419C-8D72-8B062E6882FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2051BA9E-E635-47D5-B942-8AC26E9487CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA81FC1-63E1-479F-941C-930351E43010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDB3D8B-1D04-4345-BB27-723186719CBD",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A366B8-1B5C-4C9E-A761-1AB1547D7404",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCA7DD9-8599-4E43-9D82-999BE15483B9",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6951D244-845C-4BF2-AC75-F226B0C39C77",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A932C79-8646-4023-9C12-9C7A2A6840EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BBA303-8D2B-48C5-B52A-4E192166699C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en FasterXML Jackson Databind, donde no ten\u00eda la expansi\u00f3n de entidad asegurada apropiadamente. Este fallo permite una vulnerabilidad a ataques de tipo XML external entity (XXE). La mayor amenaza de esta vulnerabilidad es la integridad de los datos"
}
],
"id": "CVE-2020-25649",
"lastModified": "2024-11-21T05:18:20.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-03T17:15:12.503",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-288C-CQ4H-88GQ
Vulnerability from github – Published: 2021-02-18 20:51 – Updated: 2024-03-15 00:30
VLAI
Summary
XML External Entity (XXE) Injection in Jackson Databind
Details
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Severity
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.6.7.3"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.7.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.9.10.6"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0.0"
},
{
"fixed": "2.9.10.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.10.5.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.fasterxml.jackson.core:jackson-databind"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0.0"
},
{
"fixed": "2.10.5.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25649"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2021-02-18T20:41:26Z",
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"id": "GHSA-288c-cq4h-88gq",
"modified": "2024-03-15T00:30:48Z",
"published": "2021-02-18T20:51:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/3d932709abd0b5390efe67451653fc9efa9db677"
},
{
"type": "WEB",
"url": "https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210108-0007"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/FasterXML/jackson-databind"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "XML External Entity (XXE) Injection in Jackson Databind"
}
GSD-2020-25649
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-25649",
"description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"id": "GSD-2020-25649",
"references": [
"https://www.suse.com/security/cve/CVE-2020-25649.html",
"https://access.redhat.com/errata/RHSA-2021:2476",
"https://access.redhat.com/errata/RHSA-2021:2475",
"https://access.redhat.com/errata/RHSA-2021:2039",
"https://access.redhat.com/errata/RHSA-2021:1429",
"https://access.redhat.com/errata/RHSA-2021:1260",
"https://access.redhat.com/errata/RHSA-2021:0811",
"https://access.redhat.com/errata/RHSA-2021:0381",
"https://access.redhat.com/errata/RHSA-2020:5533",
"https://access.redhat.com/errata/RHSA-2020:5410",
"https://access.redhat.com/errata/RHSA-2020:5361",
"https://access.redhat.com/errata/RHSA-2020:5344",
"https://access.redhat.com/errata/RHSA-2020:5342",
"https://access.redhat.com/errata/RHSA-2020:5341",
"https://access.redhat.com/errata/RHSA-2020:5340",
"https://access.redhat.com/errata/RHSA-2020:4402",
"https://access.redhat.com/errata/RHSA-2020:4401",
"https://access.redhat.com/errata/RHSA-2020:4379",
"https://access.redhat.com/errata/RHSA-2020:4312",
"https://advisories.mageia.org/CVE-2020-25649.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-25649"
],
"details": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"id": "GSD-2020-25649",
"modified": "2023-12-13T01:21:57.047118Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "jackson-databind-2.11.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2589",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.6.0,2.6.7.4),[2.9.0,2.9.10.7),[2.10.0,2.10.5.1)",
"affected_versions": "All versions starting from 2.6.0 before 2.6.7.4, all versions starting from 2.9.0 before 2.9.10.7, all versions starting from 2.10.0 before 2.10.5.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-611",
"CWE-937"
],
"date": "2021-10-26",
"description": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"fixed_versions": [
"2.6.7.4",
"2.9.10.7",
"2.10.5.1"
],
"identifier": "CVE-2020-25649",
"identifiers": [
"CVE-2020-25649"
],
"not_impacted": "All versions before 2.6.0, all versions starting from 2.6.7.4 before 2.9.0, all versions starting from 2.9.10.7 before 2.10.0, all versions starting from 2.10.5.1",
"package_slug": "maven/com.fasterxml.jackson.core/jackson-databind",
"pubdate": "2020-12-03",
"solution": "Upgrade to versions 2.6.7.4, 2.9.10.7, 2.10.5.1 or above.",
"title": "Improper Restriction of XML External Entity Reference",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
"https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
],
"uuid": "b82624cc-392d-43db-ae9f-1a7b87e7c5c8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.10.5.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.9.10.7",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.6.7.4",
"versionStartIncluding": "2.6.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.12.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.2",
"versionStartIncluding": "11.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25649"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FasterXML/jackson-databind/issues/2589",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"name": "[kafka-jira] 20201205 [GitHub] [kafka] sirocchj opened a new pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[druid-commits] 20201208 [GitHub] [druid] jihoonson opened a new pull request #10655: Bump up jackson-databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201209 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] sirocchj commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201210 [GitHub] [kafka] niteshmor commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma commented on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20201215 Re: [VOTE] 2.7.0 RC5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma merged pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20201215 [GitHub] [kafka] ijuma edited a comment on pull request #9702: CVE-2020-25649: bumping jackson to patched version 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3Cjira.kafka.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210105 [jira] [Created] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kafka-users] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210105 Re: [kafka-clients] Re: [VOTE] 2.6.1 RC3",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] edwin092 opened a new pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210106 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] asfgit closed pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210106 [GitHub] [zookeeper] nkalmar commented on pull request #1572: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch master updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210108-0007/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"name": "[zookeeper-issues] 20210116 [jira] [Commented] (ZOOKEEPER-4045) CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210121 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210122 [GitHub] [flink-shaded] HuangXingBo opened a new pull request #93: [FLINK-21020][jackson] Bump version to 2.12.1",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3Cissues.flink.apache.org%3E"
},
{
"name": "[tomee-commits] 20210127 [jira] [Created] (TOMEE-2965) CVE-2020-25649 - Update jackson databind",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "FEDORA-2021-1d8254899c",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] svogt opened a new pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [karaf] branch master updated: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre merged pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[karaf-commits] 20210217 [GitHub] [karaf] jbonofre commented on pull request #1296: Update jackson-databind to fix CVE-2020-25649 / BDSA-2020-2965",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3Ccommits.karaf.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Assigned] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210223 [jira] [Created] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210223 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210315 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3Cissues.hive.apache.org%3E"
},
{
"name": "[turbine-commits] 20210316 svn commit: r1887732 - in /turbine/fulcrum/trunk/json: ./ jackson/ jackson/src/test/org/apache/fulcrum/json/jackson/ jackson2/ jackson2/src/test/org/apache/fulcrum/json/jackson/ jackson2/src/test/org/apache/fulcrum/json/jackson/mixins/",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210316 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3Cissues.hive.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 opened a new pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-notifications] 20210324 [jira] [Created] (IOTDB-1256) Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3Cnotifications.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210324 [GitHub] [iotdb] wangchao316 closed pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[iotdb-commits] 20210325 [iotdb] branch master updated: [IOTDB-1256] upgrade Jackson to 2.11.0 because of loopholes CVE-2020-25649 (#2896)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3Ccommits.iotdb.apache.org%3E"
},
{
"name": "[iotdb-reviews] 20210325 [GitHub] [iotdb] jixuan1989 merged pull request #2896: [IOTDB-1256] Jackson have loopholes CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3Creviews.iotdb.apache.org%3E"
},
{
"name": "[hive-issues] 20210503 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210510 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210514 [jira] [Work logged] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3Cissues.hive.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Created] (KNOX-2614) Upgrade Jackson due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3Cdev.knox.apache.org%3E"
},
{
"name": "[knox-dev] 20210601 [jira] [Updated] (KNOX-2614) Upgrade jackson-databind to 2.10.5 due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3Cdev.knox.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[spark-user] 20210621 Re: CVEs",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3Cuser.spark.apache.org%3E"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[kafka-users] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210831 Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-users] 20210901 Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Updated] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20211012 [jira] [Resolved] (HIVE-24816) Upgrade jackson to 2.10.5.1 or 2.11.0+ due to CVE-2020-25649",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-02T16:18Z",
"publishedDate": "2020-12-03T17:15Z"
}
}
}
NCSC-2025-0128
Vulnerability from csaf_ncscnl - Published: 2025-04-16 15:01 - Updated: 2025-04-16 15:01Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.
Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-400: Uncontrolled Resource Consumption
CWE-502: Deserialization of Untrusted Data
CWE-674: Uncontrolled Recursion
CWE-611: Improper Restriction of XML External Entity Reference
CWE-787: Out-of-bounds Write
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-121: Stack-based Buffer Overflow
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20: Improper Input Validation
8.8 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
8.2 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.1 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
6.5 (Medium)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
8.1 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
9.8 (Critical)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-400
- Uncontrolled Resource Consumption
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Access Manager
|
cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Process Management Suite
|
cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle HTTP Server
|
cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Managed File Transfer
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Managed File Transfer
|
cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle SOA Suite
|
cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.3.0 | ||
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle WebLogic Server
|
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Weblogic Server
|
vers:unknown/14.1.1.0.0 | ||
|
vers:oracle/8.5.7
Oracle / Oracle Fusion Middleware / Oracle Outside In Technology
|
cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*
|
vers:oracle/8.5.7 | |
|
vers:unknown/8.5.7
Oracle / Oracle / Outside In Technology
|
vers:unknown/8.5.7 | ||
|
vers:unknown/12.2.1.4.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Coherence
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Oracle / Coherence
|
vers:unknown/14.1.1.0.0 | ||
|
vers:unknown/14.1.1.0.0
Oracle / Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:unknown/14.1.1.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Coherence
|
cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Fusion Middleware MapViewer
|
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Jdeveloper (Application)
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle JDeveloper
|
cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.1.0.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Forms Recognition
|
cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.1.0.0 | |
|
vers:oracle/12.2.1.3.0
Oracle / Oracle WebCenter Portal
|
vers:oracle/12.2.1.3.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle WebCenter Portal
|
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:unknown/12.2.1.3.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.3.0 | ||
|
vers:unknown/12.2.1.3.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.3.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / WebCenter Portal
|
vers:unknown/12.2.1.4.0 | ||
|
vers:unknown/12.2.1.4.0
Oracle / WebCenter Portal
|
cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:unknown/12.2.1.4.0 | |
|
vers:unknown/12.2.1.4.0
Oracle / Oracle / Data Integrator
|
vers:unknown/12.2.1.4.0 | ||
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Data Integrator
|
cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 | |
|
vers:oracle/14.1.2.0.0
Oracle / Oracle Fusion Middleware / Oracle Business Activity Monitoring
|
cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*
|
vers:oracle/14.1.2.0.0 | |
|
vers:oracle/12.2.1.4.0
Oracle / Oracle Fusion Middleware / Oracle Service Bus
|
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
|
vers:oracle/12.2.1.4.0 |
References
22 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2025.html | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2020… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2020… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2025… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in verschillende producten, waaronder de Utilities Application Framework, WebLogic Server, en Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen ongeauthenticeerde kwaadwillenden in staat om toegang te krijgen tot kritieke gegevens, Denial-of-Service (DoS) te veroorzaken, en in sommige gevallen zelfs volledige controle over systemen te verkrijgen. Kwaadwillenden kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen of door gebruik te maken van onveilige configuraties in de getroffen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2025-04-16T15:01:24.587426Z",
"generator": {
"date": "2025-02-25T15:15:00Z",
"engine": {
"name": "V.A.",
"version": "1.0"
}
},
"id": "NCSC-2025-0128",
"initial_release_date": "2025-04-16T15:01:24.587426Z",
"revision_history": [
{
"date": "2025-04-16T15:01:24.587426Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2699078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Access Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698989",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_process_management_suite:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698967",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:http_server:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839938",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:managed_file_transfer:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698998",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2698997",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:soa_suite:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839896",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1839897",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-1840030",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/8.5.7",
"product": {
"name": "vers:oracle/8.5.7",
"product_id": "CSAFPID-1839872",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:outside_in_technology:8.5.7:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840014",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1839982",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1839988",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Fusion Middleware MapViewer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698948",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle JDeveloper"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-2699057",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_forms_recognition:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Forms Recognition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840006",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2698985",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1840028",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.2.0.0",
"product": {
"name": "vers:oracle/14.1.2.0.0",
"product_id": "CSAFPID-2699064",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_activity_monitoring:14.1.2.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Business Activity Monitoring"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-2699044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
}
],
"category": "product_family",
"name": "Oracle Fusion Middleware"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1213401"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-1536644"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1536288"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-1536278"
}
}
],
"category": "product_name",
"name": "Weblogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/8.5.7",
"product": {
"name": "vers:unknown/8.5.7",
"product_id": "CSAFPID-1233360"
}
}
],
"category": "product_name",
"name": "Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1210435"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-1210304"
}
}
],
"category": "product_name",
"name": "Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1247956"
}
}
],
"category": "product_name",
"name": "Jdeveloper (Application)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-1214253"
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1232894"
}
}
],
"category": "product_name",
"name": "WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-1201529"
}
}
],
"category": "product_name",
"name": "Data Integrator"
}
],
"category": "product_family",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1144680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:oracle/14.1.1.0.0",
"product": {
"name": "vers:oracle/14.1.1.0.0",
"product_id": "CSAFPID-1144604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-39413",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/14.1.1.0.0",
"product": {
"name": "vers:unknown/14.1.1.0.0",
"product_id": "CSAFPID-39412",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.3.0",
"product": {
"name": "vers:oracle/12.2.1.3.0",
"product_id": "CSAFPID-1144910"
}
},
{
"category": "product_version_range",
"name": "vers:oracle/12.2.1.4.0",
"product": {
"name": "vers:oracle/12.2.1.4.0",
"product_id": "CSAFPID-1144911",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.3.0",
"product": {
"name": "vers:unknown/12.2.1.3.0",
"product_id": "CSAFPID-317201",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version_range",
"name": "vers:unknown/12.2.1.4.0",
"product": {
"name": "vers:unknown/12.2.1.4.0",
"product_id": "CSAFPID-307786",
"product_identification_helper": {
"cpe": "cpe:2.3:a:ibm:oracle_webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_name",
"name": "WebCenter Portal"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13936",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2020-25649",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25649",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-25649.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-26464",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26464.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2023-26464"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json"
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-11612",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11612",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11612.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-11612"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-28168",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28168",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28168.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-28168"
},
{
"cve": "CVE-2024-29857",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29857",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-29857"
},
{
"cve": "CVE-2024-38476",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Inclusion of Functionality from Untrusted Control Sphere",
"title": "CWE-829"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38476",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38476.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-38476"
},
{
"cve": "CVE-2024-40896",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-40896",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40896.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-40896"
},
{
"cve": "CVE-2024-47072",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47072"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50602",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50602.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-52046",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52046",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52046.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23184.json"
}
],
"title": "CVE-2025-23184"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-24970",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24970.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2025-24970"
},
{
"cve": "CVE-2025-27363",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27363",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-27363.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H",
"version": "3.1"
},
"products": [
"CSAFPID-2699078",
"CSAFPID-1839842",
"CSAFPID-2698989",
"CSAFPID-1839864",
"CSAFPID-2698967",
"CSAFPID-1213401",
"CSAFPID-1839938",
"CSAFPID-2699074",
"CSAFPID-2698998",
"CSAFPID-2698997",
"CSAFPID-1144680",
"CSAFPID-1839896",
"CSAFPID-1144604",
"CSAFPID-1839897",
"CSAFPID-1536644",
"CSAFPID-1840030",
"CSAFPID-1536288",
"CSAFPID-1536278",
"CSAFPID-1839872",
"CSAFPID-1233360",
"CSAFPID-39413",
"CSAFPID-1210435",
"CSAFPID-1210304",
"CSAFPID-39412",
"CSAFPID-1840014",
"CSAFPID-1839982",
"CSAFPID-2699125",
"CSAFPID-1839988",
"CSAFPID-1247956",
"CSAFPID-2698948",
"CSAFPID-2699057",
"CSAFPID-1144910",
"CSAFPID-1840006",
"CSAFPID-1144911",
"CSAFPID-1214253",
"CSAFPID-317201",
"CSAFPID-1232894",
"CSAFPID-307786",
"CSAFPID-1201529",
"CSAFPID-2698985",
"CSAFPID-1840028",
"CSAFPID-2699064",
"CSAFPID-2699044"
]
}
],
"title": "CVE-2025-27363"
}
]
}
OPENSUSE-SU-2024:10868-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
jackson-databind-2.10.5.1-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: jackson-databind-2.10.5.1-2.2 on GA media
Description of the patch: These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10868
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
10 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.8 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
59 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2018-11307/ | self |
| https://www.suse.com/security/cve/CVE-2018-12022/ | self |
| https://www.suse.com/security/cve/CVE-2018-12023/ | self |
| https://www.suse.com/security/cve/CVE-2018-14718/ | self |
| https://www.suse.com/security/cve/CVE-2018-14721/ | self |
| https://www.suse.com/security/cve/CVE-2018-19360/ | self |
| https://www.suse.com/security/cve/CVE-2018-19361/ | self |
| https://www.suse.com/security/cve/CVE-2018-7489/ | self |
| https://www.suse.com/security/cve/CVE-2019-12086/ | self |
| https://www.suse.com/security/cve/CVE-2019-12384/ | self |
| https://www.suse.com/security/cve/CVE-2019-12814/ | self |
| https://www.suse.com/security/cve/CVE-2019-14379/ | self |
| https://www.suse.com/security/cve/CVE-2019-14439/ | self |
| https://www.suse.com/security/cve/CVE-2019-14540/ | self |
| https://www.suse.com/security/cve/CVE-2019-14893/ | self |
| https://www.suse.com/security/cve/CVE-2019-16942/ | self |
| https://www.suse.com/security/cve/CVE-2019-17267/ | self |
| https://www.suse.com/security/cve/CVE-2019-17531/ | self |
| https://www.suse.com/security/cve/CVE-2019-20330/ | self |
| https://www.suse.com/security/cve/CVE-2020-25649/ | self |
| https://www.suse.com/security/cve/CVE-2020-35728/ | self |
| https://www.suse.com/security/cve/CVE-2021-20190/ | self |
| https://www.suse.com/security/cve/CVE-2018-11307 | external |
| https://www.suse.com/security/cve/CVE-2018-12022 | external |
| https://www.suse.com/security/cve/CVE-2018-12023 | external |
| https://www.suse.com/security/cve/CVE-2018-14718 | external |
| https://www.suse.com/security/cve/CVE-2018-14721 | external |
| https://www.suse.com/security/cve/CVE-2018-19360 | external |
| https://www.suse.com/security/cve/CVE-2018-19361 | external |
| https://www.suse.com/security/cve/CVE-2018-7489 | external |
| https://bugzilla.suse.com/1202327 | external |
| https://www.suse.com/security/cve/CVE-2019-12086 | external |
| https://bugzilla.suse.com/1202327 | external |
| https://www.suse.com/security/cve/CVE-2019-12384 | external |
| https://www.suse.com/security/cve/CVE-2019-12814 | external |
| https://www.suse.com/security/cve/CVE-2019-14379 | external |
| https://bugzilla.suse.com/1165035 | external |
| https://www.suse.com/security/cve/CVE-2019-14439 | external |
| https://bugzilla.suse.com/1165034 | external |
| https://www.suse.com/security/cve/CVE-2019-14540 | external |
| https://bugzilla.suse.com/1165038 | external |
| https://bugzilla.suse.com/1165039 | external |
| https://www.suse.com/security/cve/CVE-2019-14893 | external |
| https://bugzilla.suse.com/1157186 | external |
| https://www.suse.com/security/cve/CVE-2019-16942 | external |
| https://bugzilla.suse.com/1165041 | external |
| https://www.suse.com/security/cve/CVE-2019-17267 | external |
| https://bugzilla.suse.com/1165044 | external |
| https://www.suse.com/security/cve/CVE-2019-17531 | external |
| https://www.suse.com/security/cve/CVE-2019-20330 | external |
| https://bugzilla.suse.com/1160113 | external |
| https://www.suse.com/security/cve/CVE-2020-25649 | external |
| https://bugzilla.suse.com/1177616 | external |
| https://www.suse.com/security/cve/CVE-2020-35728 | external |
| https://bugzilla.suse.com/1180391 | external |
| https://www.suse.com/security/cve/CVE-2021-20190 | external |
| https://bugzilla.suse.com/1181118 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jackson-databind-2.10.5.1-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jackson-databind-2.10.5.1-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10868",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10868-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-11307 page",
"url": "https://www.suse.com/security/cve/CVE-2018-11307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12022 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14718 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14721 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7489 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12086 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12384 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-12814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-12814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14379 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14439 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14540 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14893 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16942 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17267 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17267/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17531 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20330 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25649 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35728 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20190/"
}
],
"title": "jackson-databind-2.10.5.1-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10868-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-2.10.5.1-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-2.10.5.1-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-2.10.5.1-2.2.s390x"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-2.10.5.1-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"product_id": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
},
"product_reference": "jackson-databind-javadoc-2.10.5.1-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-11307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-11307",
"url": "https://www.suse.com/security/cve/CVE-2018-11307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-11307"
},
{
"cve": "CVE-2018-12022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12022",
"url": "https://www.suse.com/security/cve/CVE-2018-12022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12022"
},
{
"cve": "CVE-2018-12023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12023",
"url": "https://www.suse.com/security/cve/CVE-2018-12023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12023"
},
{
"cve": "CVE-2018-14718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14718",
"url": "https://www.suse.com/security/cve/CVE-2018-14718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14718"
},
{
"cve": "CVE-2018-14721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14721",
"url": "https://www.suse.com/security/cve/CVE-2018-14721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14721"
},
{
"cve": "CVE-2018-19360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19360",
"url": "https://www.suse.com/security/cve/CVE-2018-19360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19360"
},
{
"cve": "CVE-2018-19361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19361",
"url": "https://www.suse.com/security/cve/CVE-2018-19361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-19361"
},
{
"cve": "CVE-2018-7489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7489"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7489",
"url": "https://www.suse.com/security/cve/CVE-2018-7489"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2018-7489",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-7489"
},
{
"cve": "CVE-2019-12086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12086"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12086",
"url": "https://www.suse.com/security/cve/CVE-2019-12086"
},
{
"category": "external",
"summary": "SUSE Bug 1202327 for CVE-2019-12086",
"url": "https://bugzilla.suse.com/1202327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-12086"
},
{
"cve": "CVE-2019-12384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12384",
"url": "https://www.suse.com/security/cve/CVE-2019-12384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12384"
},
{
"cve": "CVE-2019-12814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-12814",
"url": "https://www.suse.com/security/cve/CVE-2019-12814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-12814"
},
{
"cve": "CVE-2019-14379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14379"
}
],
"notes": [
{
"category": "general",
"text": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14379",
"url": "https://www.suse.com/security/cve/CVE-2019-14379"
},
{
"category": "external",
"summary": "SUSE Bug 1165035 for CVE-2019-14379",
"url": "https://bugzilla.suse.com/1165035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14379"
},
{
"cve": "CVE-2019-14439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14439"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14439",
"url": "https://www.suse.com/security/cve/CVE-2019-14439"
},
{
"category": "external",
"summary": "SUSE Bug 1165034 for CVE-2019-14439",
"url": "https://bugzilla.suse.com/1165034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14439"
},
{
"cve": "CVE-2019-14540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14540"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14540",
"url": "https://www.suse.com/security/cve/CVE-2019-14540"
},
{
"category": "external",
"summary": "SUSE Bug 1165038 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165038"
},
{
"category": "external",
"summary": "SUSE Bug 1165039 for CVE-2019-14540",
"url": "https://bugzilla.suse.com/1165039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14540"
},
{
"cve": "CVE-2019-14893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14893"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14893",
"url": "https://www.suse.com/security/cve/CVE-2019-14893"
},
{
"category": "external",
"summary": "SUSE Bug 1157186 for CVE-2019-14893",
"url": "https://bugzilla.suse.com/1157186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14893"
},
{
"cve": "CVE-2019-16942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16942"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16942",
"url": "https://www.suse.com/security/cve/CVE-2019-16942"
},
{
"category": "external",
"summary": "SUSE Bug 1165041 for CVE-2019-16942",
"url": "https://bugzilla.suse.com/1165041"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-16942"
},
{
"cve": "CVE-2019-17267",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17267"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17267",
"url": "https://www.suse.com/security/cve/CVE-2019-17267"
},
{
"category": "external",
"summary": "SUSE Bug 1165044 for CVE-2019-17267",
"url": "https://bugzilla.suse.com/1165044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17267"
},
{
"cve": "CVE-2019-17531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"notes": [
{
"category": "general",
"text": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17531",
"url": "https://www.suse.com/security/cve/CVE-2019-17531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-17531"
},
{
"cve": "CVE-2019-20330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20330"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20330",
"url": "https://www.suse.com/security/cve/CVE-2019-20330"
},
{
"category": "external",
"summary": "SUSE Bug 1160113 for CVE-2019-20330",
"url": "https://bugzilla.suse.com/1160113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-20330"
},
{
"cve": "CVE-2020-25649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25649",
"url": "https://www.suse.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "SUSE Bug 1177616 for CVE-2020-25649",
"url": "https://bugzilla.suse.com/1177616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-35728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35728"
}
],
"notes": [
{
"category": "general",
"text": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35728",
"url": "https://www.suse.com/security/cve/CVE-2020-35728"
},
{
"category": "external",
"summary": "SUSE Bug 1180391 for CVE-2020-35728",
"url": "https://bugzilla.suse.com/1180391"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-35728"
},
{
"cve": "CVE-2021-20190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20190"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20190",
"url": "https://www.suse.com/security/cve/CVE-2021-20190"
},
{
"category": "external",
"summary": "SUSE Bug 1181118 for CVE-2021-20190",
"url": "https://bugzilla.suse.com/1181118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-2.10.5.1-2.2.x86_64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.aarch64",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.ppc64le",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.s390x",
"openSUSE Tumbleweed:jackson-databind-javadoc-2.10.5.1-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-20190"
}
]
}
RHSA-2020:4312
Vulnerability from csaf_redhat - Published: 2020-10-22 16:48 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: rh-maven35-jackson-databind security update
Severity
Important
Notes
Topic: An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
9 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2020:4312 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2020-25649 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | external |
| https://www.cve.org/CVERecord?id=CVE-2020-25649 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-25649 | external |
| https://github.com/FasterXML/jackson-databind/iss… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4312",
"url": "https://access.redhat.com/errata/RHSA-2020:4312"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1887664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4312.json"
}
],
"title": "Red Hat Security Advisory: rh-maven35-jackson-databind security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:31+00:00",
"generator": {
"date": "2026-05-14T22:30:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:4312",
"initial_release_date": "2020-10-22T16:48:27+00:00",
"revision_history": [
{
"date": "2020-10-22T16:48:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-22T16:48:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"product": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"product_id": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.12.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"product": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"product_id": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind-javadoc@2.7.6-2.12.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"product": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"product_id": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-jackson-databind@2.7.6-2.12.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src"
},
"product_reference": "rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
},
"product_reference": "rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25649",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2020-08-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887664"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "RHBZ#1887664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2589",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-22T16:48:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4312"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this flaw.",
"product_ids": [
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Server-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-0:2.7.6-2.12.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-jackson-databind-javadoc-0:2.7.6-2.12.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)"
}
]
}
RHSA-2020:4379
Vulnerability from csaf_redhat - Published: 2020-11-09 18:26 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 3.9.4 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat build of Eclipse Vert.x.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.
Details: This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)(CVE-2020-25649)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Vert.x 3.9.4
Red Hat / Red Hat OpenShift Application Runtimes
|
cpe:/a:redhat:openshift_application_runtimes:1.0
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
11 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2020:4379 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2020-25649 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1887664 | external |
| https://www.cve.org/CVERecord?id=CVE-2020-25649 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-25649 | external |
| https://github.com/FasterXML/jackson-databind/iss… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Eclipse Vert.x.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Eclipse Vert.x 3.9.4 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)(CVE-2020-25649)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4379",
"url": "https://access.redhat.com/errata/RHSA-2020:4379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.9.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=3.9.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/3.9/html/release_notes_for_eclipse_vert.x_3.9/index"
},
{
"category": "external",
"summary": "1887664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4379.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 3.9.4 security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:33+00:00",
"generator": {
"date": "2026-05-14T22:30:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:4379",
"initial_release_date": "2020-11-09T18:26:24+00:00",
"revision_history": [
{
"date": "2020-11-09T18:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-11-09T18:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Vert.x 3.9.4",
"product": {
"name": "Vert.x 3.9.4",
"product_id": "Vert.x 3.9.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25649",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2020-08-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1887664"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Vert.x 3.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "RHBZ#1887664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-databind/issues/2589",
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
}
],
"release_date": "2020-01-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-11-09T18:26:24+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Vert.x 3.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4379"
},
{
"category": "workaround",
"details": "There is currently no known mitigation for this flaw.",
"product_ids": [
"Vert.x 3.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Vert.x 3.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…