Vulnerabilites related to oracle - communications_ip_service_activator
cve-2021-45105
Vulnerability from cvelistv5
Published
2021-12-18 11:55
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j2 |
Version: log4j-core < 2.17.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.295Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j2", vendor: "Apache Software Foundation", versions: [ { changes: [ { at: "2.13.0", status: "affected", }, { at: "2.12.3", status: "unaffected", }, { at: "2.4", status: "affected", }, { at: "2.3.1", status: "unaffected", }, { at: "2.0-alpha1", status: "affected", }, ], lessThan: "2.17.0", status: "affected", version: "log4j-core", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-674", description: "CWE-674: Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:41:57", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, title: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", workarounds: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45105", STATE: "PUBLIC", TITLE: "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j2", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.17.0", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.13.0", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.4", }, { version_affected: "<", version_name: "log4j-core", version_value: "2.3.1", }, { version_affected: ">=", version_name: "log4j-core", version_value: "2.0-alpha1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro’s Zero Day Initiative, and another anonymous vulnerability researcher", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, { description: [ { lang: "eng", value: "CWE-674: Uncontrolled Recursion", }, ], }, ], }, references: { reference_data: [ { name: "https://logging.apache.org/log4j/2.x/security.html", refsource: "MISC", url: "https://logging.apache.org/log4j/2.x/security.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { name: "VU#930724", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/930724", }, { name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { name: "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { name: "DSA-5024", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5024", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { name: "https://security.netapp.com/advisory/ntap-20211218-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "LOG4J2-3230", ], discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-45105", datePublished: "2021-12-18T11:55:08", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2024-08-04T04:39:20.295Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11055
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11055", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11056
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.1.6.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "BSAFE Crypto-C Micro Edition", vendor: "RSA", versions: [ { lessThan: "4.0.5.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability ", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11056", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, { product: { product_data: [ { product_name: "BSAFE Crypto-C Micro Edition", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.5.3", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability ", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11056", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5427
Vulnerability from cvelistv5
Published
2019-04-22 20:52
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://hackerone.com/reports/509315 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:54:53.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2019-cb14e234fc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/", }, { name: "FEDORA-2019-063672154a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/509315", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "c3p0", vendor: "n/a", versions: [ { status: "affected", version: "before 0.9.5.4", }, ], }, ], datePublic: "2019-04-16T00:00:00", descriptions: [ { lang: "en", value: "c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-776", description: "XML Entity Expansion (CWE-776)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:35", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { name: "FEDORA-2019-cb14e234fc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/", }, { name: "FEDORA-2019-063672154a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/509315", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2019-5427", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "c3p0", version: { version_data: [ { version_value: "before 0.9.5.4", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "XML Entity Expansion (CWE-776)", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2019-cb14e234fc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/", }, { name: "FEDORA-2019-063672154a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://hackerone.com/reports/509315", refsource: "MISC", url: "https://hackerone.com/reports/509315", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2019-5427", datePublished: "2019-04-22T20:52:56", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:54:53.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-2351
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-08-03 16:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Dec/19 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/Dec/20 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Version: 12.2.1.3.0 Version: 12.2.1.4.0 Version: 14.1.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:38:57.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebLogic Server", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "12.2.1.3.0", }, { status: "affected", version: "12.2.1.4.0", }, { status: "affected", version: "14.1.1.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-23T18:30:20.233Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2021-2351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebLogic Server", version: { version_data: [ { version_affected: "=", version_value: "12.2.1.3.0", }, { version_affected: "=", version_value: "12.2.1.4.0", }, { version_affected: "=", version_value: "14.1.1.0.0", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { name: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2021-2351", datePublished: "2021-07-20T22:43:29", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-08-03T16:38:57.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11058
Vulnerability from cvelistv5
Published
2018-09-14 20:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/108106 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108106", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "BSAFE Crypto-C Micro Edition", vendor: "RSA", versions: [ { lessThan: "4.0.5.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer Over-Read vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108106", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11058", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, { product_name: "BSAFE Crypto-C Micro Edition", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.5.3", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Over-Read vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", refsource: "BID", url: "http://www.securityfocus.com/bid/108106", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11058", datePublished: "2018-09-14T20:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11057
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Covert Timing Channel vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11057", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Covert Timing Channel vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11057", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15769
Vulnerability from cvelistv5
Published
2018-11-16 21:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105929 | vdb-entry, x_refsource_BID | |
| https://seclists.org/fulldisclosure/2018/Nov/37 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1042057 | vdb-entry, x_refsource_SECTRACK | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105929", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042057", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:54", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "105929", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042057", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-15769", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "105929", refsource: "BID", url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", refsource: "FULLDISC", url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042057", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-15769", datePublished: "2018-11-16T21:00:00", dateReserved: "2018-08-23T00:00:00", dateUpdated: "2024-08-05T10:01:54.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12402
Vulnerability from cvelistv5
Published
2019-08-29 00:00
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons Compress |
Version: 1.15 to 1.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:39.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { name: "FEDORA-2019-c96a8d12b0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { name: "FEDORA-2019-da0eac1eb6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Commons Compress", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.15 to 1.18", }, ], }, ], descriptions: [ { lang: "en", value: "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.", }, ], problemTypes: [ { descriptions: [ { description: "denial of service vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-18T13:06:40.207792", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { name: "FEDORA-2019-c96a8d12b0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { name: "FEDORA-2019-da0eac1eb6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { name: "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-12402", datePublished: "2019-08-29T00:00:00", dateReserved: "2019-05-28T00:00:00", dateUpdated: "2024-08-04T23:17:39.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8610
Vulnerability from cvelistv5
Published
2017-11-13 22:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:27:40.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "93841", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/93841", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { name: "RHSA-2017:0286", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { name: "RHSA-2017:2494", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { name: "FreeBSD-SA-16:35", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { name: "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2016/q4/224", }, { name: "RHSA-2017:0574", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { name: "1037084", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037084", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { name: "RHSA-2017:2493", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20171130-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.360.cn/cve/CVE-2016-8610/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2016-8610", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "All 0.9.8", }, { status: "affected", version: "All 1.0.1", }, { status: "affected", version: "1.0.2 through 1.0.2h", }, { status: "affected", version: "1.1.0", }, ], }, ], datePublic: "2016-10-24T00:00:00", descriptions: [ { lang: "en", value: "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:51", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "93841", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/93841", }, { name: "RHSA-2017:1659", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { name: "RHSA-2017:1658", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { name: "RHSA-2017:1801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { name: "RHSA-2017:0286", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { name: "RHSA-2017:1413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { name: "RHSA-2017:2494", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { name: "FreeBSD-SA-16:35", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc", }, { name: "RHSA-2017:1414", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { name: "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2016/q4/224", }, { name: "RHSA-2017:0574", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html", }, { name: "DSA-3773", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { name: "RHSA-2017:1415", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { name: "1037084", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037084", }, { name: "RHSA-2017:1802", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { name: "RHSA-2017:2493", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20171130-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401", }, { tags: [ "x_refsource_MISC", ], url: "https://security.360.cn/cve/CVE-2016-8610/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.paloaltonetworks.com/CVE-2016-8610", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-8610", datePublished: "2017-11-13T22:00:00Z", dateReserved: "2016-10-12T00:00:00", dateUpdated: "2024-08-06T02:27:40.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11054
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: 4.1.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { status: "affected", version: "4.1.6", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "integer overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "=", version_affected: "=", version_value: "4.1.6", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "integer overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11054", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10237
Vulnerability from cvelistv5
Published
2018-04-26 21:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.750Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2018:2428", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2428", }, { name: "RHSA-2018:2740", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { name: "RHSA-2018:2741", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { name: "RHSA-2018:2742", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { name: "RHSA-2018:2598", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2598", }, { name: "RHSA-2018:2643", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2643", }, { name: "RHSA-2018:2424", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2424", }, { name: "RHSA-2018:2423", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2423", }, { name: "RHSA-2018:2425", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2425", }, { name: "RHSA-2018:2927", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2927", }, { name: "1041707", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041707", }, { name: "RHSA-2018:2743", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { name: "[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E", }, { name: "[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E", }, { name: "[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E", }, { name: "[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", }, { name: "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E", }, { name: "[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E", }, { name: "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { name: "[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E", }, { name: "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220629-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-26T00:00:00", descriptions: [ { lang: "en", value: "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-29T18:07:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2018:2428", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2428", }, { name: "RHSA-2018:2740", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { name: "RHSA-2018:2741", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { name: "RHSA-2018:2742", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { name: "RHSA-2018:2598", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2598", }, { name: "RHSA-2018:2643", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2643", }, { name: "RHSA-2018:2424", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2424", }, { name: "RHSA-2018:2423", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2423", }, { name: "RHSA-2018:2425", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2425", }, { name: "RHSA-2018:2927", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2927", }, { name: "1041707", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041707", }, { name: "RHSA-2018:2743", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { name: "[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E", }, { name: "[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E", }, { name: "[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:2858", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E", }, { name: "[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", }, { name: "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E", }, { name: "[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E", }, { name: "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { name: "[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E", }, { name: "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220629-0008/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10237", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2018:2428", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2428", }, { name: "RHSA-2018:2740", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { name: "RHSA-2018:2741", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { name: "RHSA-2018:2742", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { name: "RHSA-2018:2598", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2598", }, { name: "RHSA-2018:2643", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2643", }, { name: "RHSA-2018:2424", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2424", }, { name: "RHSA-2018:2423", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2423", }, { name: "RHSA-2018:2425", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2425", }, { name: "RHSA-2018:2927", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2927", }, { name: "1041707", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041707", }, { name: "RHSA-2018:2743", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { name: "[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project", refsource: "MLIST", url: "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E", }, { name: "[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project", refsource: "MLIST", url: "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E", }, { name: "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", }, { name: "[activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084@%3Cgitbox.activemq.apache.org%3E", }, { name: "[cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3", refsource: "MLIST", url: "https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085@%3Ccommits.cassandra.apache.org%3E", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:2858", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "RHSA-2019:3149", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d@%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a@%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3@%3Cdev.cxf.apache.org%3E", }, { name: "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2@%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd@%3Cdev.cxf.apache.org%3E", }, { name: "[cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9@%3Cdev.cxf.apache.org%3E", }, { name: "[syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540@%3Cdev.syncope.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1@%3Ccommon-dev.hadoop.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", refsource: "CONFIRM", url: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", }, { name: "[flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d@%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45@%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d@%3Cissues.flink.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55@%3Cissues.lucene.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "[maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E", }, { name: "[flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4@%3Cissues.flink.apache.org%3E", }, { name: "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E", }, { name: "[storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94@%3Cissues.storm.apache.org%3E", }, { name: "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E", }, { name: "[arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20220629-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220629-0008/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10237", datePublished: "2018-04-26T21:00:00", dateReserved: "2018-04-20T00:00:00", dateUpdated: "2024-08-05T07:32:01.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13990
Vulnerability from cvelistv5
Published
2019-07-26 00:00
Modified
2024-10-15 18:22
Severity ?
EPSS score ?
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:05:44.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190830 Quartz CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://github.com/quartz-scheduler/quartz/issues/467", }, { name: "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221028-0002/", }, { tags: [ "x_transferred", ], url: "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-13990", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:36:32.053865Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-15T18:22:20.316Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-28T05:44:55.522130", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190830 Quartz CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", }, { name: "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://github.com/quartz-scheduler/quartz/issues/467", }, { name: "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", }, { name: "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://security.netapp.com/advisory/ntap-20221028-0002/", }, { url: "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13990", datePublished: "2019-07-26T00:00:00", dateReserved: "2019-07-19T00:00:00", dateUpdated: "2024-10-15T18:22:20.316Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_networking_option:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95885F4-38B5-445A-B084-6B87172F2082", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_networking_option:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FC810AC7-4185-4E20-AFE8-72A97C2933EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_networking_option:19c:*:*:*:*:*:*:*", matchCriteriaId: "231C1E97-2198-4DD7-8BD1-5FF4DDA14CDA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "06480458-3216-4C42-9270-F68A41EEC147", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "480BF1CB-11D7-4D86-A99E-960F316F2E1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F84E5662-0289-4ED5-A112-BC506508216C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AD312681-73A4-4B21-BDE8-50DED7E3E0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "E67940FD-3BA7-40A8-8E40-44B37D23E2DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "EE6EB4DE-33DA-4810-96BD-29C82B433714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F7FCB446-49A7-48B9-8808-E72A4E2E48C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9E9B2F53-257E-49E2-83C3-0840BDB4D67C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6CF34B1B-0FC0-4EA6-830D-D2191337D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EA67581B-F8FD-416E-852F-859D642B7405", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "32ACEED2-BA43-4EF7-9183-2F01CC277FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "18B967BB-2233-4FB2-B10D-9A338E1B4089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09B79608-5D94-45C3-ADF0-B181B92C3014", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "25193811-46CE-4A0E-B22D-67BE99FAD450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", matchCriteriaId: "6DF2D056-3118-4C31-BEDD-69F016898CBB", versionEndIncluding: "18.3", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", matchCriteriaId: "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", matchCriteriaId: "86F03B63-F922-45CD-A7D1-326DB0042875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "366A6277-5D74-44C8-94A9-8ADB5568B5FB", versionEndIncluding: "18.3", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", matchCriteriaId: "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", matchCriteriaId: "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC6D658-09EA-4C41-869F-1C2EA163F751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", matchCriteriaId: "384DEDD9-CB26-4306-99D8-83068A9B23ED", versionEndExcluding: "23.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", matchCriteriaId: "2ECE8F5F-4417-4412-B857-F1ACDEED4FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B2CEA84-0983-4C40-B923-99244ABCF32D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2FD798A8-38B7-42C1-9043-863D16CE7ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "869CDD22-4A6C-4665-AA37-E340B07EF81C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "787E2C1B-9BAD-4018-8495-E9BE75628BB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "123CB9B5-C800-47FD-BD0C-BE44198E97E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "4063FAD6-21D4-42C7-87C0-D299532E0982", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "59275C23-53C0-4890-A941-A71226B50CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F88A2F3-E201-4C68-8D11-0A5C76CDB071", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CBD877F8-E6EF-4314-AAC0-36F81F4908DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3D7356B6-E197-4978-BF18-2CFD4D350A76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "1B54457C-8305-4F82-BE1E-DBA030A8E676", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C756C62B-E655-4770-8E85-B1995889E416", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93F65B4C-59D5-450A-9955-7FDA32252B0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A67AA54B-258D-4D09-9ACB-4085E0B3E585", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "B5AAD5EB-403D-4DCD-96F6-3871889B9403", versionEndIncluding: "8.2.3", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", matchCriteriaId: "64BCB9E3-883D-4C1F-9785-2E182BA47B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "F28B94B3-D940-4B1C-9E72-F061515D24F2", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "53600579-4542-4D80-A93C-3E45938C749D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D96CE74A-EB3A-489E-9229-43810DD46F64", versionEndIncluding: "8.2.5.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EAE0FAB3-DE56-4271-B3F1-FF665F55B728", versionEndIncluding: "8.2.5", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*", matchCriteriaId: "132DE874-6E47-452A-9FDD-27D5A41F046E", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "603C00AA-DBF3-4F62-A74D-8AE596800B4C", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", matchCriteriaId: "AE3CF700-5042-4DD5-A4B1-53A6C4D8E549", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:12.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C3D5995F-542C-489E-8940-991AAB17643B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E80555C7-DA1C-472C-9467-19554DCE4476", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "435FDFA1-BF6A-499D-BDB6-88A26648DFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AB3F3F63-9543-4568-BCB1-1CAF88384142", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "FC0C4CA4-1694-474E-8272-CF96E168D962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "93E953D0-9C0C-4B03-9939-384A1F7E2BC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "767CC73D-2771-4BBC-9D74-4416AEC6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "DAE3EA23-045D-474C-ABD8-916930D4E9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", matchCriteriaId: "8BB9420F-87CE-4B4B-A417-AA6813CE1318", versionEndIncluding: "8.1.1.0.0", versionStartIncluding: "8.0.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", matchCriteriaId: "524429D6-8AF1-4713-A9B8-678B50A3762F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*", matchCriteriaId: "ED21B958-0FD0-4697-9CE2-266DEE4E29DC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2177A5E9-B260-499E-8D60-920679518425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6329B1A2-75A8-4909-B4FB-77AC7232B6ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "EC91D0AD-C721-4653-A2B7-4EA7D97F6392", versionEndExcluding: "12.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B3C50D-60BB-40B3-A146-BF7A1EC9ECC5", versionEndExcluding: "21.5.0.0.220118", versionStartIncluding: "19.1.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:*:*:*:*:*:*:*:*", matchCriteriaId: "C970F0E8-0768-451A-8091-5C88761CA95D", versionEndExcluding: "23.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", matchCriteriaId: "7E3417CF-4E94-4BA0-A05A-018D00EAC107", versionEndExcluding: "21.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AB8797ED-52E7-47B6-9F78-E2402671CCAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97C10FBE-FD9A-4739-9303-5B6FC7551D66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CF45C905-9EFF-4108-9B70-9FFDDD6627A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "CFDEE0AC-F2A4-4CA4-B8B5-E3F98712B072", versionEndIncluding: "7.3.0.2", versionStartIncluding: "7.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "D747A956-40A6-47D8-A813-FA4E13CB557F", versionEndIncluding: "8.0.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "ED13F526-2D53-4627-B2C5-3678F5CC405B", versionEndIncluding: "8.1.1", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_inventory_management:*:*:*:*:*:*:*:*", matchCriteriaId: "30B1475D-4F8D-4539-AED9-609C23944D14", versionEndExcluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8865CE15-F9A1-4A46-AF93-B58356BDEE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*", matchCriteriaId: "95D6A426-B914-401F-9AB0-5F5E3A3FE138", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", matchCriteriaId: "CBDA65DE-5727-49DC-8D50-DA81DB3E8841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A577DCD3-6730-441A-B3BD-6199483FB1E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*", matchCriteriaId: "577A07A9-DBB1-49E6-B2CC-60B917097472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "52C13DE5-CA3C-414F-8813-BB0847433151", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", matchCriteriaId: "D361A9A8-15B0-4527-868B-80998772F2AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", matchCriteriaId: "4A667A37-59EB-4539-ADCA-D5F789DB6744", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BD4EE554-DFE7-4C16-BC98-574DC97FC85C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EE4160ED-75F2-4499-AC6C-90CD092A46E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "2F03BFDA-6904-42D7-8170-D6FD143BB16C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C85900AC-11DA-4FA8-A1E0-270240BF4B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0154DF-9EC0-4844-9B06-1C554CED3BC2", versionEndIncluding: "5.6.0", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00C9E689-ED91-4A9D-B9C0-5BF4EC131409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7EFA1879-0BF9-4493-9145-15100BC38C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EF958C28-4289-4433-8CD9-B6551F01926F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "212AC8FA-90E8-4FDF-BC57-D17CD8F2E35C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7A6C04D-43B3-4B83-A185-7CBD838C97E4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E2B51896-E4DA-4FDA-979F-481FFB3E588A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*", matchCriteriaId: "4A87D1B6-87DF-4BC6-9C3E-F3AA47E22C4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B", versionEndExcluding: "2.12.42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F47057A9-2DDE-4178-B140-F7D70EAED8F6", versionEndIncluding: "12.2.24", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FA9948AB-0CA6-4148-949C-E500466B45F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "56D17905-5E69-4BD5-973B-30662AC3D678", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "70E72A74-F6A9-48EE-9279-3D9E53C2EC30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "F14C6AB5-CC45-4753-A60F-1F527B063127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "583BBDF1-DBE4-486D-ABF8-7D2B0408490A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "C9810151-6F80-48FD-A51E-F063EB2B7324", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "301E7158-9090-467C-B3B4-30A8DB3B395D", versionEndIncluding: "18.8.12", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BBEFACB1-C8EA-492B-8F85-A564DB363C83", versionEndIncluding: "19.12.11", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "6AEB882B-4975-4417-848C-0EAB022EB893", versionEndIncluding: "17.12.20", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "51E74B18-96E2-4B13-8072-3A4B29ED42EC", versionEndIncluding: "18.8.24", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "A3B41942-0EAE-4915-B560-C77855CF3AC1", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "798DD531-5B35-4D26-817D-5826666C9FA1", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "0E96F120-57FB-432C-8D9A-A227A78BB4B4", versionEndIncluding: "17.12.20.0", versionStartIncluding: "17.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "C97C52C9-16DD-4086-A1CF-19FD5C90FEA3", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05848067-59FF-4C90-A8BA-D1E4311B3A82", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6AD8C8-96ED-4CFB-9953-99139FABCE35", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "7F978162-CB2C-4166-947A-9048C6E878BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "CE004F32-F4DA-45A8-AD11-8924C4F1076A", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "90D4D479-0294-4F31-B719-8544C8DC4554", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "E0B58B00-92A6-4033-B53A-839A4BDDF30F", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44AA1B51-8A24-48F0-B16F-803D69698707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "822A3C37-86F2-4E91-BE91-2A859F983941", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "5B956113-5B3B-436D-858B-8F29FB304364", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC5F424-119D-4C66-8251-E735EEFBC0BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "C1933509-1BEA-45DA-B6AF-2713B432B1F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "4DA1BF68-635B-4577-B3F7-DEBC39567C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3B202AEF-1197-441B-8EA1-2913BFD8A545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "889916ED-5EB2-49D6-8400-E6DBBD6C287F", versionEndIncluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", matchCriteriaId: "6DFFDFD4-0D11-4F63-A0AD-A0C65A067912", versionEndExcluding: "21.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", matchCriteriaId: "EE6B6243-9FE9-432B-B5A8-20E515E06A93", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "01E3B232-073E-433B-977A-1742B75109B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F6FDC33-D57E-4C6A-B633-BFC587147037", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F3B01572-9D32-44B2-8FCF-C282C887DB51", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1", versionEndExcluding: "21.1.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:21.1.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AF7F55C1-2114-4D22-B696-6E20337E52FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "CB85582D-0106-47F1-894F-0BC4FF0B5462", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Una vulnerabilidad en el componente Advanced Networking Option de Oracle Database Server. Las versiones compatibles que están afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de Oracle Net comprometer a advanced Networking Option. Los ataques con éxito requieren una interacción humana de una persona diferente del atacante y, mientras la vulnerabilidad se encuentra en Advanced Networking Option, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Advanced Networking Option. Nota: La actualización de parches críticos de julio de 2021 introduce una serie de cambios en el Cifrado de Red Nativo para hacer frente a la vulnerabilidad (CVE-2021-2351 y prevenir el uso de cifrados más débiles. Los clientes deben revisar: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Puntuación Base 8.3 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)", }, ], id: "CVE-2021-2351", lastModified: "2024-11-21T06:02:56.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-21T15:15:21.827", references: [ { source: "secalert_us@oracle.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-22 21:29
Modified
2024-11-21 04:44
Severity ?
Summary
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mchange | c3p0 | * | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | communications_session_route_manager | * | |
| oracle | documaker | * | |
| oracle | enterprise_manager_base_platform | 13.2.1.0 | |
| oracle | enterprise_manager_ops_center | 12.4.0.0 | |
| oracle | flexcube_private_banking | 12.0.0 | |
| oracle | flexcube_private_banking | 12.1.0 | |
| oracle | hyperion_infrastructure_technology | 11.1.2.4 | |
| oracle | retail_xstore_point_of_service | 15.0 | |
| oracle | retail_xstore_point_of_service | 16.0 | |
| oracle | retail_xstore_point_of_service | 17.0 | |
| oracle | retail_xstore_point_of_service | 18.0 | |
| oracle | retail_xstore_point_of_service | 19.0 | |
| oracle | webcenter_sites | 12.2.1.3.0 | |
| oracle | webcenter_sites | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mchange:c3p0:*:*:*:*:*:*:*:*", matchCriteriaId: "2A18C00D-54D8-4B73-89B7-24E7DDF017E7", versionEndExcluding: "0.9.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "0A3136AE-8744-4B13-BCA3-9FDD9E71DF02", versionEndIncluding: "12.6.6", versionStartIncluding: "12.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66916DEB-ACE1-44E0-9535-10B3E03347AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "DED59B62-C9BF-4C0E-B351-3884E8441655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.", }, { lang: "es", value: "En c3p0 versiones <0.9.5.4, puede ser explotada por un ataque de tipo a billion laughs al cargar la configuración XML producto de la falta de protecciones faltantes contra la expansión recursiva de la entidad al cargar la configuración.", }, ], id: "CVE-2019-5427", lastModified: "2024-11-21T04:44:54.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-22T21:29:00.523", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/509315", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/509315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-776", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-776", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-26 21:29
Modified
2024-11-21 03:41
Severity ?
Summary
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:guava:*:*:*:*:*:*:*:*", matchCriteriaId: "4FD69F7A-64FF-4993-8DB5-072403998803", versionEndExcluding: "24.1.1", versionStartIncluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", matchCriteriaId: "2F87326E-0B56-4356-A889-73D026DB1D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", matchCriteriaId: "704CFA1A-953E-4105-BFBE-406034B83DED", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", matchCriteriaId: "FB283C80-F7AF-4776-8432-655E50D7D65B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*", matchCriteriaId: "461407B5-C167-4DE1-A934-FD5ADFB4AD4E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.2:*:*:*:*:*:*:*", matchCriteriaId: "D8C66E6D-8AD2-4709-BD18-ED9EAF9D8546", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1ABA871-3271-48E2-A69C-5AD70AF94E53", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "868C0845-F25C-487F-A697-72917BE9D78E", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", matchCriteriaId: "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1ABA871-3271-48E2-A69C-5AD70AF94E53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1ABA871-3271-48E2-A69C-5AD70AF94E53", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "868C0845-F25C-487F-A697-72917BE9D78E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF46C9A-7768-4E52-A676-BEA6AE766AD4", versionEndIncluding: "14.4.0", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "727DF4F5-3D21-491E-96B9-EC973A6C9C18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5C614BA7-7103-4ED7-ADD0-56064FE256A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*", matchCriteriaId: "6833701E-5510-4180-9523-9CFD318DEE6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", matchCriteriaId: "B2204841-585F-40C7-A1D9-C34E612808CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "991A279B-9D7C-4E39-8827-BC21C2C03B83", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A69266D2-72D0-4A6C-883D-2597FE30931B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", matchCriteriaId: "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.", }, { lang: "es", value: "Asignación de memoria sin restringir en Google Guava 11.0 hasta las versiones 24.x anteriores a la 24.1.1 permite que los atacantes remotos realicen ataques de denegación de servicio (DoS) contra servidores que dependen de esta librería y que deserialicen datos proporcionados por dichos atacantes debido a que la clase AtomicDoubleArray (cuando se serializa con serialización Java) y la clase CompoundOrdering (cuando se serializa con serialización GWT) realiza una asignación sin comprobar adecuadamente lo que ha enviado un cliente y si el tamaño de los datos es razonable.", }, ], id: "CVE-2018-10237", lastModified: "2024-11-21T03:41:04.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-26T21:29:00.230", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1041707", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2423", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2424", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2425", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2428", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2598", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2643", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2927", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20220629-0008/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1041707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2425", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495%40%3Ccommon-dev.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4b20632c2e228d085%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f345252e0ac9d98e7e084%40%3Cgitbox.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42acfa5dac38fb03dd6%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc%40%3Chdfs-dev.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a9161b00ba9c0a5d55%40%3Cissues.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa421008b1989f7354d4%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a535f8e80c41e482106d%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47d77a40af712c1fdf9%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50474c1241068aa0f94%40%3Cissues.storm.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b9277656ff95b97d6b6b6dcd%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e90de82ad75cc16540%40%3Cdev.syncope.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0083739a77e56ad92d%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b65845ae50096d9278a%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94ae55b8a31bb92fed84%40%3Cissues.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d812e0093ec2fc70a7d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e437460423c24f477919%40%3Cissues.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe12dc560e22d9d147a3%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b75d3bac1426f2d4ac1%40%3Ccommon-dev.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c9474ba73a504161b2%40%3Cdev.cxf.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05741d47488e7fc8c45%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20220629-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-14 20:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| dell | bsafe_crypto-c | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "E1E74A2F-4075-428D-A6E5-FE9387EB59CB", versionEndExcluding: "4.1.6", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*", matchCriteriaId: "34E7C1D1-796B-4FDD-A619-5DD75032FEBB", versionEndExcluding: "4.0.5.3", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anteriores a la 4.0.5.3 (en las 4.0.x), contienen una vulnerabilidad de sobrelectura de búfer al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar este problema.", }, ], id: "CVE-2018-11058", lastModified: "2024-11-21T03:42:35.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-14T20:29:00.307", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108106", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podría ser capaz de recuperar una clave RSA.", }, ], id: "CVE-2018-11057", lastModified: "2024-11-21T03:42:35.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.653", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-16 21:29
Modified
2024-11-21 03:51
Severity ?
Summary
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "F72D69C9-BBFA-43CC-A094-596361593D16", versionEndExcluding: "4.1.6.2", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gestión clave. Un servidor TLS malicioso podría provocar una denegación de servicio (DoS) en los clientes TLS durante la negociación cuando un valor primo muy grande se envía al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH).", }, ], id: "CVE-2018-15769", lastModified: "2024-11-21T03:51:26.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-16T21:29:00.470", references: [ { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/105929", }, { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1042057", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/105929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1042057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-11-13 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "0BD3F477-4078-42BC-AF81-A68487FCDBEC", versionEndIncluding: "1.0.2h", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", matchCriteriaId: "8A4E446D-B9D3-45F2-9722-B41FA14A6C31", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "2D1C00C0-C77E-4255-9ECA-20F2673C7366", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "73104834-5810-48DD-9B97-549D223853F1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "A8442C20-41F9-47FD-9A12-E724D3A31FD7", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", matchCriteriaId: "B1ABA871-3271-48E2-A69C-5AD70AF94E53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", matchCriteriaId: "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "9C82200F-A26E-4AD4-82FF-DC5601A28D52", versionEndIncluding: "11.40", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:host_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "546855F3-654C-48F0-B3A0-FF1ABBF04007", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", matchCriteriaId: "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "E788440A-02B0-45F5-AFBC-7109F3177033", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", matchCriteriaId: "61D7EF01-F618-497F-9375-8003CEA3D380", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid_webscale:-:*:*:*:*:*:*:*", matchCriteriaId: "813CD8F9-9F05-49A7-BB4D-E9A1D54D6DFD", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "460EF266-5397-4FB9-B4C3-BECB2FB12AE4", versionEndIncluding: "6.1.17", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "2C837CEA-991C-45BA-8DFF-20F4E98E4639", versionEndIncluding: "7.0.15", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "1558B8D3-B289-4143-A3C2-F8EF29CECDD3", versionEndIncluding: "7.1.10", versionStartIncluding: "7.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:adaptive_access_manager:11.1.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "530B1012-03DF-4AE2-863E-FB07351FE4A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "BDB13348-C8CA-4E71-9DC6-091B09D52E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EF82224E-9EED-472E-A038-768E4179B219", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8B56D4BF-9328-4998-95F3-D23BD1349280", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62AAD1D8-D312-452A-80E7-97FA3238C95F", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F429B6AB-44E3-412F-AAE6-33B6F1150262", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "78152A31-DB06-4F13-94EA-D3C94B240EE0", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287", versionEndExcluding: "xcp2361", vulnerable: true, }, { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB1FF50C-D9D0-4DF0-90F8-9259BD7B315B", versionEndExcluding: "xcp3070", versionStartIncluding: "xcp3000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.", }, { lang: "es", value: "Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes.", }, ], id: "CVE-2016-8610", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-11-13T22:29:00.203", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2016/q4/224", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93841", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037084", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.360.cn/cve/CVE-2016-8610/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171130-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2016-8610", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0286.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0574.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1415.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2017-1659.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2016/q4/224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/93841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:1802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2017:2494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.360.cn/cve/CVE-2016-8610/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171130-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2016-8610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2017/dsa-3773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe_crypto-c | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*", matchCriteriaId: "34E7C1D1-796B-4FDD-A619-5DD75032FEBB", versionEndExcluding: "4.0.5.3", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anteriores a la 4.0.5.3 (en las 4.0.x) contiene una vulnerabilidad de consumo de recursos no controlado (\"Resource Exhaustion\") al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa que agotarían la pila, pudiendo provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-11056", lastModified: "2024-11-21T03:42:35.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.530", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-18 12:15
Modified
2024-11-21 06:31
Severity ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "42BCB94E-86D2-4B98-B9E6-5789F2272692", versionEndExcluding: "2.3.1", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "19DA22A8-0B29-4181-B44E-57D28D9DB331", versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "61E2AC03-D49B-4A15-BDA4-61DAF142CEED", versionEndIncluding: "2.16.0", versionStartIncluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", matchCriteriaId: "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A", versionEndIncluding: "10.0.12", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*", matchCriteriaId: "1EA49667-8F94-4091-B9A9-A94318D83C24", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*", matchCriteriaId: "7C1B257C-9442-4C73-91CB-67893A78F0DF", versionEndExcluding: "3.0", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1E667A-9CAA-4382-957A-E4F1A4960E0C", versionEndExcluding: "3.1.0", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B407FBDB-7900-4F69-B745-809277F26050", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E3103225-6440-43F4-9493-131878735B2A", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "2B3A0115-86AB-4677-A026-D99B971D9EF5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "914A44DE-C4AA-45A0-AC26-5FAAF576130E", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "9D1C62CF-414A-4670-9F19-C11A381DB830", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "706A3F00-8489-4735-B09B-34528F7C556A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*", matchCriteriaId: "E9DCB171-E4C8-4472-8023-20992ABB9348", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*", matchCriteriaId: "B0C0714E-4255-4095-B26C-70EB193B8F98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*", matchCriteriaId: "633E5B20-A7A7-4346-A71D-58121B006D00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC6D658-09EA-4C41-869F-1C2EA163F751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", matchCriteriaId: "64750C01-21AC-4947-B674-6690EAAAC5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", matchCriteriaId: "3C3D0063-9458-4018-9B92-79A219716C10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", matchCriteriaId: "3141B86F-838D-491A-A8ED-3B7C54EA89C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "123CB9B5-C800-47FD-BD0C-BE44198E97E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", matchCriteriaId: "DF616620-88CE-4A77-B904-C1728A2E6F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "175B97A7-0B00-4378-AD9F-C01B6D9FD570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EEC452FA-D1D5-4175-9371-F6055818192E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "F9550113-7423-48D8-A1C7-95D6AEE9B33C", versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", matchCriteriaId: "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "02712DD6-D944-4452-8015-000B9851D257", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "26940103-F37C-4FBD-BDFD-528A497209D6", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "53600579-4542-4D80-A93C-3E45938C749D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "274BCA96-2E6A-4B77-B69E-E2093A668D28", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8D4B738B-08CF-44F6-A939-39F5BEAF03B2", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", matchCriteriaId: "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1F05AF4B-A747-4314-95AE-F8495479AB3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*", matchCriteriaId: "4B3C968F-4038-4A8D-A345-8CD3F73A653B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "615C7D0D-A9D5-43BA-AF61-373EC1095354", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B829B72-7DE0-415F-A1AF-51637F134B76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "B0148D20-089E-4C19-8CA3-07598D8AFBF1", versionEndIncluding: "12.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "54BE0CCE-8216-4CCF-96E1-38EF76124368", versionEndIncluding: "14.3.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*", matchCriteriaId: "0017AE8C-DBCA-46B4-A036-DF0E289199D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*", matchCriteriaId: "609645BF-B34F-40AC-B9C9-C3FB870F4ED2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "67013CB6-5FA6-438B-A131-5AEDEBC66723", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8FC5F6E6-3515-439B-9665-3B6151CEF577", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "51BCEC65-25B7-480C-860C-9D97F78CCE3F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16AEA21E-0B11-44A5-8BFB-550521D8E0D5", versionEndIncluding: "3.0.4", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD", versionEndIncluding: "7.3.0.4", versionStartIncluding: "7.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10774601-93C3-4938-A3E7-3C3D97A6F73C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*", matchCriteriaId: "E7D45E2D-241B-4839-B255-A81107BF94BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*", matchCriteriaId: "9C083F1E-8BF2-48C7-92FB-BD105905258E", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*", matchCriteriaId: "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "C3E11E28-78AA-42BB-927D-D22CBDDD62B9", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*", matchCriteriaId: "30927787-2815-4BEF-A7C2-960F92238303", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*", matchCriteriaId: "C0ABD2DC-9357-4097-BE62-BB7A4988A01F", versionEndExcluding: "11.2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1489DDA7-EDBE-404C-B48D-F0B52B741708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "535BC19C-21A1-48E3-8CC0-B276BA5D494E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8508EF23-43DC-431F-B410-FD0BA897C371", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1B85A426-5714-4CEA-8A97-720F882B2D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "604FBBC9-04DC-49D2-AB7A-6124256431AF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*", matchCriteriaId: "5D01A0EC-3846-4A74-A174-3797078DC699", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*", matchCriteriaId: "03E5FCFB-093A-48E9-8A4E-34C993D2764E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4096281D-2EBA-490D-8180-3C9D05EB890A", versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", matchCriteriaId: "15F45363-236B-4040-8AE4-C6C0E204EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", versionEndIncluding: "19.12.18.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "651104CE-0569-4E6D-ACAB-AD2AC85084DD", versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D89239-9142-46BD-846D-76A5A74A67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "82653579-FF7D-4492-9CA2-B3DF6A708831", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F4B95628-F108-424A-8C19-40A5F5B7D37B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*", matchCriteriaId: "1E03B340-8C77-4DFA-8536-C57656E237D0", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "4B7B0B33-2361-4CF5-8075-F609858A582E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9E458AF-0EEC-453E-AA9D-6C79211000AC", versionEndIncluding: "19.0.1.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "F1AFAE16-B69F-410A-8CE3-1CDD998A8433", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0472632-4104-4397-B619-C4E86A748465", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", matchCriteriaId: "9002379B-4FDA-44F3-98EB-0C9B6083E429", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", matchCriteriaId: "476B038D-7F60-482D-87AD-B58BEA35558E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", matchCriteriaId: "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3E1A9B0C-735A-40B4-901C-663CF5162E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "0791694C-9B4E-42EA-8F6C-899B43B6D769", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "312992F0-E65A-4E38-A44C-363A7E157CE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E1940FD6-39FA-4F92-9625-F215D8051E80", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "D7FCC976-615C-4DE5-9F50-1B25E9553962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5D57F5CB-E566-450F-B7D7-DD771F7C746C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*", matchCriteriaId: "88458537-6DE8-4D79-BC71-9D08883AD0C1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*", matchCriteriaId: "2E310654-0793-41CC-B049-C754AC31D016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*", matchCriteriaId: "4C5B22C6-97AF-4D1B-84C9-987C6F62C401", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FFD9AAE5-9472-49C6-B054-DB76BEB86D35", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*", matchCriteriaId: "A104FDBD-0B28-44EE-91A0-A0C8939865A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*", matchCriteriaId: "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "889916ED-5EB2-49D6-8400-E6DBBD6C287F", versionEndIncluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*", matchCriteriaId: "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1", versionEndExcluding: "21.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D", versionEndExcluding: "22.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.", }, { lang: "es", value: "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1", }, ], id: "CVE-2021-45105", lastModified: "2024-11-21T06:31:58.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-18T12:15:07.433", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "security@apache.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/19/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://logging.apache.org/log4j/2.x/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211218-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/930724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x), contiene una vulnerabilidad de limpieza indebida de memoria dinámica (heap) antes de liberarla (\"Heap Inspection\"). Los datos PKCS #12 descifrados en la memoria dinámica no se convierten a cero por MES antes de liberar la memoria internamente. Un usuario local malicioso podría obtener acceso a los datos no autorizados mediante la inspección del heap.", }, ], id: "CVE-2018-11055", lastModified: "2024-11-21T03:42:34.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.403", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-26 19:15
Modified
2024-11-21 04:25
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:softwareag:quartz:*:*:*:*:*:*:*:*", matchCriteriaId: "45E3B3FD-2210-4419-86E7-0365320383F7", versionEndExcluding: "2.3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:apache_batik_mapviewer:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "03B8033B-C2A4-47A2-88F0-ED2BF8962518", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:apache_batik_mapviewer:18c:*:*:*:*:*:*:*", matchCriteriaId: "4B1124B6-CECC-4D4D-A8D5-F05928A545AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:apache_batik_mapviewer:19c:*:*:*:*:*:*:*", matchCriteriaId: "3BE19D2D-0789-4925-BC87-DC3A4C063FBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "7AB8ABFD-C72C-4CBB-8872-9440A19154D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3054FEBB-484B-4927-9D1C-2024772E8B3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "5AED3C78-7D65-4F02-820D-B51BCE4022F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "557A23A1-4762-4D29-A478-D1670C1847D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF46C9A-7768-4E52-A676-BEA6AE766AD4", versionEndIncluding: "14.4.0", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "727DF4F5-3D21-491E-96B9-EC973A6C9C18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "135D531C-A692-4BE3-AB8C-37BB0D35559A", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66916DEB-ACE1-44E0-9535-10B3E03347AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A69266D2-72D0-4A6C-883D-2597FE30931B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", matchCriteriaId: "524429D6-8AF1-4713-A9B8-678B50A3762F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:google_guava_mapviewer:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0CCA59D2-2853-44F3-9C5C-CC59B49A6B69", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:google_guava_mapviewer:18c:*:*:*:*:*:*:*", matchCriteriaId: "779EB0EC-2905-48BC-B375-E6E78B26A169", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:google_guava_mapviewer:19c:*:*:*:*:*:*:*", matchCriteriaId: "E19C4DBE-2889-4C13-A0E9-30D0CD1BF714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "DED59B62-C9BF-4C0E-B351-3884E8441655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "B2A0A4A6-70D3-418B-80EA-04718C50C500", versionEndIncluding: "9.2.5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", matchCriteriaId: "EE8CF045-09BB-4069-BCEC-496D5AE3B780", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*", matchCriteriaId: "BFB0BB58-04D3-409D-AECC-9633782F0E75", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7E75624C-68FA-465C-86B3-BCFB649C4782", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:18c:*:*:*:*:*:*:*", matchCriteriaId: "6B7DF2FA-F290-40F7-ABD1-AB50EEBC83B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:19c:*:*:*:*:*:*:*", matchCriteriaId: "E4D4E5C1-D4A6-464D-9DF3-A9DDD1912FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomee:7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "E74771B8-99DA-434F-ADCF-258838674E18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:data_center:*:*:*", matchCriteriaId: "E70C8416-E4F6-44BC-BDF9-BB1BAE7E185F", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:server:*:*:*", matchCriteriaId: "1363F683-E350-4639-A973-A82BDD83A3A1", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:data_center:*:*:*", matchCriteriaId: "7BAB5016-8439-4E01-8911-8B472EF38E13", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:server:*:*:*", matchCriteriaId: "F8EF8DCE-7266-49B1-AE2E-96079A2AD6E7", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:data_center:*:*:*", matchCriteriaId: "029B8E7F-65EF-4984-A27B-8198D8EB18DB", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:server:*:*:*", matchCriteriaId: "55C7B96B-2A2F-47F9-BBBD-0E25F8AF8F02", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:data_center:*:*:*", matchCriteriaId: "160B6A9E-41DC-4999-B3CC-A16B3A16D2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:server:*:*:*", matchCriteriaId: "FC59154D-036C-4F22-B5F1-891527A3EC6B", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:data_center:*:*:*", matchCriteriaId: "6AD2CA00-9D6C-4DAC-90E6-BE1D93555C11", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:server:*:*:*", matchCriteriaId: "2FDF2DF4-B0EE-4179-AF98-B21EBB2E1D6F", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:data_center:*:*:*", matchCriteriaId: "AF85E227-F167-4CCB-A039-D96CC080B032", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:server:*:*:*", matchCriteriaId: "EDA3B2B5-C9EA-4D26-AEF4-F86792FB9ADC", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:data_center:*:*:*", matchCriteriaId: "93DDAE6E-DB31-429A-B4EB-955E080A4545", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:server:*:*:*", matchCriteriaId: "DF994E6C-6262-4230-BBC6-E464EBC1B0F9", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:data_center:*:*:*", matchCriteriaId: "25DA87CA-362C-4558-AA42-265DA1F8C26D", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:server:*:*:*", matchCriteriaId: "EF410408-CD38-408A-97C4-1103EF8AF68D", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:data_center:*:*:*", matchCriteriaId: "037D6CB0-959B-468E-87DD-8B1110A14ED0", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:server:*:*:*", matchCriteriaId: "1B885DB6-2DEA-4EB4-97BC-2BF30BC45544", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:data_center:*:*:*", matchCriteriaId: "C83E3571-CD54-40A2-AAC0-20F67954642B", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:server:*:*:*", matchCriteriaId: "B69320FF-4E93-475C-B995-85CF1A03DBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:data_center:*:*:*", matchCriteriaId: "FD430022-C74D-4340-88F9-21AB69485966", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:server:*:*:*", matchCriteriaId: "549E2860-25D9-468C-891D-AD9BEADA08B3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:data_center:*:*:*", matchCriteriaId: "5C03D422-521C-48B2-B293-247232D1ED3C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:server:*:*:*", matchCriteriaId: "2B0DBCC1-2D1F-4DB3-A693-DA0FA18B9A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:data_center:*:*:*", matchCriteriaId: "34515441-AE13-4492-A08E-6521D840F689", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:server:*:*:*", matchCriteriaId: "6FABE527-FED5-4BA3-ABF0-C89AD1228ED2", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:data_center:*:*:*", matchCriteriaId: "6BE5E85B-7725-4DB9-8357-9097F777705D", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:server:*:*:*", matchCriteriaId: "910A2B29-3502-499B-892F-F6AD473CA6F6", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:data_center:*:*:*", matchCriteriaId: "2BAB1FDD-C213-48CB-B28B-802F0D1278A7", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:server:*:*:*", matchCriteriaId: "59D09ED0-E31D-4C6B-A217-A3C58C209782", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:data_center:*:*:*", matchCriteriaId: "746CCD4F-5411-4249-8A71-A47AD598498A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:server:*:*:*", matchCriteriaId: "A055705E-4F63-4EB9-BABC-8888041D1E1F", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:data_center:*:*:*", matchCriteriaId: "AFA32156-893E-44A7-9F18-73586F2E21AB", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:server:*:*:*", matchCriteriaId: "631D10DC-9F03-4BEE-98DD-0759746825A2", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:data_center:*:*:*", matchCriteriaId: "AFAC053F-3A53-4AD8-9393-49A837A38A8C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:server:*:*:*", matchCriteriaId: "FE355EB5-A0C4-471C-8E47-1898746D89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:data_center:*:*:*", matchCriteriaId: "CC230B1E-AA5E-4E76-92E5-41130C56DD34", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:server:*:*:*", matchCriteriaId: "B764FD56-DBFF-46EE-9108-CF88591DC7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:data_center:*:*:*", matchCriteriaId: "3F369AD5-25DB-43E4-ADB5-22A774FC6F91", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:server:*:*:*", matchCriteriaId: "454804E1-9C4C-41AA-ACB4-0150BB39669C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:data_center:*:*:*", matchCriteriaId: "79A73328-B3BF-4682-9B60-12A4039F9D1E", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:server:*:*:*", matchCriteriaId: "2A75238E-A82C-4BE9-8300-2BE8B40C31CD", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:data_center:*:*:*", matchCriteriaId: "1E7B8908-7F72-495B-B562-81E789643A60", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:server:*:*:*", matchCriteriaId: "55A04426-7D52-4F90-9623-109F201223AC", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:data_center:*:*:*", matchCriteriaId: "2CC10DC7-1B0B-41E6-B903-DC7E59F68517", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:server:*:*:*", matchCriteriaId: "E7A19BC6-3F2B-4248-8255-BBA729F941C7", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:data_center:*:*:*", matchCriteriaId: "DC4936AD-0B95-4687-B0A8-290E76D3ED7C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:server:*:*:*", matchCriteriaId: "33A3BC88-F6CC-4CDD-8842-2DC5C4706AC3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:data_center:*:*:*", matchCriteriaId: "AE05DF9B-2F49-45E9-AB47-A5FA18B6847E", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:server:*:*:*", matchCriteriaId: "29F7D306-FC7F-4748-BC1D-6280654B8409", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:data_center:*:*:*", matchCriteriaId: "C82EA42D-1583-4B6D-840E-69B804BD2902", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:server:*:*:*", matchCriteriaId: "22D1EEB6-D4D1-46FC-BB60-CF33EE970E43", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:data_center:*:*:*", matchCriteriaId: "F1992CBB-135C-4CD7-8D9B-037EEE0530BA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:server:*:*:*", matchCriteriaId: "D8232A74-B1DA-48DD-9DF1-4D04F6091BE3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:data_center:*:*:*", matchCriteriaId: "F81B63AA-1086-448A-8D60-F5CF41BB1226", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:server:*:*:*", matchCriteriaId: "2B8BBC24-532A-46AB-9D7D-241C43082E95", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:data_center:*:*:*", matchCriteriaId: "F629DC1E-E044-4D84-8D60-B4E6C139EE98", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:server:*:*:*", matchCriteriaId: "4BDBC59C-C5C7-4848-8CCA-D4DF0354BFCA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:data_center:*:*:*", matchCriteriaId: "D2E75D91-EC8E-4BAC-B989-403120F84BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:server:*:*:*", matchCriteriaId: "FEA2A29A-D2AA-4688-888D-02923EEBFF4A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:data_center:*:*:*", matchCriteriaId: "93EEA37B-7E96-455D-9131-2CDB77889080", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:server:*:*:*", matchCriteriaId: "71D2DC08-B93D-474B-9332-793A47E0A792", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:data_center:*:*:*", matchCriteriaId: "9263586C-D6A5-48F4-8F36-F672377AAFAD", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:server:*:*:*", matchCriteriaId: "01F142BF-C557-4D27-A263-0A77D3FBAA27", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:data_center:*:*:*", matchCriteriaId: "BC250698-AA6D-46FC-923D-9A3EB0742697", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:server:*:*:*", matchCriteriaId: "755B605C-E032-435B-90C3-FEB1EEBD43E7", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:data_center:*:*:*", matchCriteriaId: "728DE946-60C8-433A-807B-45720C668B37", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:server:*:*:*", matchCriteriaId: "F24C4029-A2D5-4B95-AE2B-10B035B28420", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:data_center:*:*:*", matchCriteriaId: "52672DE1-9B0D-4689-93AD-FF4B8A59E5EC", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:server:*:*:*", matchCriteriaId: "D802B4FE-F56F-46C4-A84B-EB89931EC16E", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:data_center:*:*:*", matchCriteriaId: "17E30F04-14EF-4F4D-8124-D0DD04E9EDF9", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:server:*:*:*", matchCriteriaId: "538503C1-F947-4BCF-836F-A609A601E064", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:data_center:*:*:*", matchCriteriaId: "07105957-FEBE-4E02-88FB-A8DDAE67E8A9", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:server:*:*:*", matchCriteriaId: "E40B10B9-F8C3-4279-A9AC-2E25AEF46D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:data_center:*:*:*", matchCriteriaId: "C7D685CD-9CAD-42B5-B721-26203854F396", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:server:*:*:*", matchCriteriaId: "269B2F72-56A3-4750-8665-7DE03DAE3DAA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:data_center:*:*:*", matchCriteriaId: "C600291E-2EDC-4F61-9FC1-C2C34C20EA4C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:server:*:*:*", matchCriteriaId: "C8D33E70-8A27-46A2-BB14-87181F8DA0F3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:data_center:*:*:*", matchCriteriaId: "F09CAEB7-4C1F-4B5B-9921-6DD06FF9EB9D", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:server:*:*:*", matchCriteriaId: "7E9F4E2A-E450-496C-B3E8-B0817BAD8817", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:data_center:*:*:*", matchCriteriaId: "964CB4B7-1502-4E92-B7D2-D864C13E338B", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:server:*:*:*", matchCriteriaId: "A9EFBC53-7C0B-408E-A745-0C83E9E38DAD", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:data_center:*:*:*", matchCriteriaId: "18A70517-84A8-4866-9FE8-06D0608391E4", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:server:*:*:*", matchCriteriaId: "E504A879-B312-4E8F-ADF9-8C1623B023AE", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:data_center:*:*:*", matchCriteriaId: "9EE1449F-6F38-4677-9DB9-AF2D9A7C2AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:server:*:*:*", matchCriteriaId: "2BC5B994-25C4-4C00-8871-F3664878C83B", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:data_center:*:*:*", matchCriteriaId: "4484C6ED-659F-47F5-BFE2-7E9794FA51C3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:server:*:*:*", matchCriteriaId: "F4449121-125E-49D9-BF3E-2A6EA169B796", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:data_center:*:*:*", matchCriteriaId: "C940817F-B265-4F42-AE19-DA2B49AC1D53", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:server:*:*:*", matchCriteriaId: "099869F1-BC95-4828-A0F5-9BBADDC3F6F3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:data_center:*:*:*", matchCriteriaId: "601B5811-B1B8-4FF0-984B-62F07366615A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:server:*:*:*", matchCriteriaId: "0D82DFCD-964E-406E-8329-E31A76FCFC64", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:data_center:*:*:*", matchCriteriaId: "ED8B7E12-9139-4BCB-9A5A-C8B23A6F8628", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:server:*:*:*", matchCriteriaId: "08F237B7-4C22-4A35-BC82-6B6E892B7EB3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:data_center:*:*:*", matchCriteriaId: "0EC83F47-180C-481B-88A8-0E3C6654774C", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:server:*:*:*", matchCriteriaId: "2A3EA15F-DEBB-44A2-8CEA-B137AE8089CA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:data_center:*:*:*", matchCriteriaId: "428B70AC-35A2-4D4F-9670-43B601426DD3", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:server:*:*:*", matchCriteriaId: "6314E670-88E8-4B09-9AF4-95E669A68A5A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:data_center:*:*:*", matchCriteriaId: "4486E929-E1A8-4731-BE7E-A8BCCE594ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:server:*:*:*", matchCriteriaId: "D24437F8-2B3A-4A0D-8C6C-A8B9E90457DB", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:data_center:*:*:*", matchCriteriaId: "06843035-CE98-48C8-BCB1-02976D233077", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:server:*:*:*", matchCriteriaId: "B98060AC-32A2-4F5A-A490-3E23F883D5A7", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:data_center:*:*:*", matchCriteriaId: "9681965F-AD13-420C-8845-A544520042DF", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:server:*:*:*", matchCriteriaId: "C9D2A5F2-F91C-4DA3-9EB6-441D17A6AB9F", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:data_center:*:*:*", matchCriteriaId: "6F3F93E1-8BB2-40BD-B4A9-D4136B742F82", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:server:*:*:*", matchCriteriaId: "549B3ADB-BAEF-4E45-856C-4B07F9FBB12A", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:data_center:*:*:*", matchCriteriaId: "941AD6CA-3F4E-43E5-AA68-95AB7C84F297", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:server:*:*:*", matchCriteriaId: "4630E46A-817F-4238-989F-93C633A10058", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:data_center:*:*:*", matchCriteriaId: "25D8E4A5-2AB6-42D4-B6D4-54484149BE75", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:server:*:*:*", matchCriteriaId: "9BA9FF1F-8F8C-47DD-9E7B-8B48FB453A83", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:data_center:*:*:*", matchCriteriaId: "D28343BD-5440-425E-AFEB-FC79EFB3C531", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:server:*:*:*", matchCriteriaId: "F29E98F7-4768-48C8-9D1C-448006DF0FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:data_center:*:*:*", matchCriteriaId: "E8B3B4C6-4E76-4184-BE92-A6EF2B4CB8D2", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:server:*:*:*", matchCriteriaId: "1320F61E-A562-438E-A19D-90C816920B63", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:data_center:*:*:*", matchCriteriaId: "35D28C45-8C74-4131-A2C5-1F1CE009BDED", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:server:*:*:*", matchCriteriaId: "64D7B52D-46CA-4769-9631-9E3E45927003", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:data_center:*:*:*", matchCriteriaId: "027F98AD-B508-4079-A1BD-EFDBDBA78331", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:server:*:*:*", matchCriteriaId: "D80A8C83-C8B1-4ADF-B45B-550E6BA45AEF", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:data_center:*:*:*", matchCriteriaId: "54EB831D-3D4C-4807-AF42-DFF7D9176773", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:server:*:*:*", matchCriteriaId: "031A34D6-C522-4301-BE02-83D3BADC8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:data_center:*:*:*", matchCriteriaId: "109D37D3-3FC7-4443-974A-7D668ABE97D9", vulnerable: true, }, { criteria: "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:server:*:*:*", matchCriteriaId: "30D20E35-0BAC-4D43-A619-10B6A4572CBB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.", }, { lang: "es", value: "La función initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versión 2.3.0, permite ataques de tipo XXE por medio de una descripción del trabajo.", }, ], id: "CVE-2019-13990", lastModified: "2024-11-21T04:25:50.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-07-26T19:15:11.730", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/quartz-scheduler/quartz/issues/467", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/quartz-scheduler/quartz/issues/467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-30 09:15
Modified
2024-11-21 04:22
Severity ?
Summary
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*", matchCriteriaId: "915E4B88-B2DA-40C0-AD95-9888FD42EEAF", versionEndIncluding: "1.18", versionStartIncluding: "1.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", matchCriteriaId: "2FF46C9A-7768-4E52-A676-BEA6AE766AD4", versionEndIncluding: "14.4.0", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", matchCriteriaId: "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", matchCriteriaId: "AB9FC9AB-1070-420F-870E-A5EC43A924A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "727DF4F5-3D21-491E-96B9-EC973A6C9C18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", matchCriteriaId: "991A279B-9D7C-4E39-8827-BC21C2C03B83", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A69266D2-72D0-4A6C-883D-2597FE30931B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "DED59B62-C9BF-4C0E-B351-3884E8441655", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "99BA317E-3C52-4BAF-B61C-803B7208C155", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "929638B0-AAD1-4326-9549-2FA8D03AA7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "597495A7-FE17-4B31-804D-B28C2B872B4D", versionEndIncluding: "18.8.8", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*", matchCriteriaId: "B201A85E-1310-46B8-8A3B-FF7675F84E09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.", }, { lang: "es", value: "El algoritmo de codificación de nombre de archivo utilizado internamente en Apache Commons Compress versiones 1.15 hasta 1.18, puede entrar en un bucle infinito cuando se enfrenta a entradas especialmente diseñadas. Esto puede conllevar a un ataque de denegación de servicio si un atacante puede elegir los nombres de archivo dentro de un registro creado por Compress.", }, ], id: "CVE-2019-12402", lastModified: "2024-11-21T04:22:45.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-30T09:15:17.910", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { source: "security@apache.org", url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230818-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | 4.1.6 | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.4 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.2.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "F82A961E-9004-4F29-8346-496CDAC5F2FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "BDB13348-C8CA-4E71-9DC6-091B09D52E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "159F3C77-88C9-40B4-8FD2-70C8C208F95A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "EF096355-CD16-4F20-8E2D-1297BE6BC560", versionEndIncluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en su versión 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-11054", lastModified: "2024-11-21T03:42:34.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.263", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }