Vulnerabilites related to oracle - financial_services_price_creation_and_discovery
cve-2020-11113
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://github.com/FasterXML/jackson-databind/issues/2670 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-11113", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:43.551763Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:17.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.618Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2670", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:50", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2670", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11113", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2670", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2670", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11113", datePublished: "2020-03-31T04:37:27", dateReserved: "2020-03-31T00:00:00", dateUpdated: "2024-08-04T11:21:14.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10968
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://github.com/FasterXML/jackson-databind/issues/2662 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-10968", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:46.867668Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:57:31.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2662", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2662", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10968", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2662", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2662", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10968", datePublished: "2020-03-26T12:43:45", dateReserved: "2020-03-26T00:00:00", dateUpdated: "2024-08-04T11:21:14.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11358
Vulnerability from cvelistv5
Published
2019-04-19 00:00
Modified
2024-11-15 15:11
Severity ?
EPSS score ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:48:09.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.drupal.org/sa-core-2019-006", }, { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { name: "DSA-4434", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { name: "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { name: "108023", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/108023", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { name: "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { name: "FEDORA-2019-eba8e44ee6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { name: "FEDORA-2019-1a3edd7e8a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { name: "FEDORA-2019-7eaf0bbe7c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { name: "FEDORA-2019-2a0ce0c58c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { name: "FEDORA-2019-a06dffab1c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { name: "FEDORA-2019-f563e66380", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { name: "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "DSA-4460", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { name: "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", tags: [ "mailing-list", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { name: "openSUSE-SU-2019:1839", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "openSUSE-SU-2019:1872", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "RHSA-2019:2587", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2019:3024", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-08", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { name: "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-02", }, { name: "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { name: "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_transferred", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { tags: [ "x_transferred", ], url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { tags: [ "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/pull/4333", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { tags: [ "x_transferred", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-11358", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-20T15:03:16.892088Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T15:11:23.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T02:06:52.187292", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.drupal.org/sa-core-2019-006", }, { url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { name: "DSA-4434", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { name: "20190421 [SECURITY] [DSA 4434-1] drupal7 security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { name: "108023", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/108023", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { name: "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { name: "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { name: "FEDORA-2019-eba8e44ee6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { name: "FEDORA-2019-1a3edd7e8a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { name: "FEDORA-2019-7eaf0bbe7c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { name: "FEDORA-2019-2a0ce0c58c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { name: "FEDORA-2019-a06dffab1c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { name: "FEDORA-2019-f563e66380", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { name: "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "RHSA-2019:1456", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { name: "DSA-4460", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { name: "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", tags: [ "mailing-list", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { name: "openSUSE-SU-2019:1839", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { name: "RHBA-2019:1570", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { name: "openSUSE-SU-2019:1872", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "RHSA-2019:2587", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { name: "RHSA-2019:3023", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { name: "RHSA-2019:3024", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { url: "https://www.tenable.com/security/tns-2019-08", }, { name: "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { name: "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { url: "https://www.tenable.com/security/tns-2020-02", }, { name: "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { name: "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { url: "https://github.com/jquery/jquery/pull/4333", }, { url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11358", datePublished: "2019-04-19T00:00:00", dateReserved: "2019-04-19T00:00:00", dateUpdated: "2024-11-15T15:11:23.024Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9488
Vulnerability from cvelistv5
Published
2020-04-27 15:36
Modified
2024-08-04 10:26
Severity ?
EPSS score ?
Summary
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Log4j |
Version: log4j-core 2.13.0 Version: log4j-core < 2.12.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:16.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Log4j", vendor: "Apache", versions: [ { status: "affected", version: "log4j-core 2.13.0", }, { lessThan: "2.12.3", status: "affected", version: "log4j-core", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, ], problemTypes: [ { descriptions: [ { description: "Improper Validation of Certificate with Host Mismatch", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:40", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-9488", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Log4j", version: { version_data: [ { version_affected: "<", version_name: "log4j-core", version_value: "2.12.3", }, { version_affected: "=", version_name: "log4j-core", version_value: "2.13.0", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Validation of Certificate with Host Mismatch", }, ], }, ], }, references: { reference_data: [ { name: "[zookeeper-issues] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 [jira] [Created] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 Build failed in Jenkins: zookeeper-master-maven-owasp #489", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Assigned] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Commented] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200504 log4j SmtpAppender related CVE", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat opened a new pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Updated] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch master updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20200504 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200504 [jira] [Resolved] (ZOOKEEPER-3817) owasp failing due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20200504 [GitHub] [zookeeper] symat commented on pull request #1346: ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-dev] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20@%3Cdev.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200514 [jira] [Created] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a@%3Cjira.kafka.apache.org%3E", }, { name: "[kafka-jira] 20200515 [jira] [Commented] (KAFKA-9997) upgrade log4j lib to address CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463@%3Cjira.kafka.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://issues.apache.org/jira/browse/LOG4J2-2819", refsource: "CONFIRM", url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { name: "https://security.netapp.com/advisory/ntap-20200504-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { name: "[db-torque-dev] 20200715 Build failed in Jenkins: Torque4-trunk #685", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4@%3Ctorque-dev.db.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[hive-issues] 20201207 [jira] [Work started] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Assigned] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201207 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f@%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20201207 [jira] [Created] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20201208 [jira] [Updated] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3@%3Cissues.hive.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987@%3Cgitbox.hive.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210125 [jira] [Work logged] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3@%3Cissues.hive.apache.org%3E", }, { name: "[db-torque-dev] 20210127 Re: Items for our (delayed) quarterly report to the board?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E", }, { name: "[db-torque-dev] 20210128 Antwort: Re: Items for our (delayed) quarterly report to the board?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E", }, { name: "[hive-issues] 20210209 [jira] [Resolved] (HIVE-24500) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04@%3Cissues.hive.apache.org%3E", }, { name: "[hive-dev] 20210216 [jira] [Created] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Resolved] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210216 [jira] [Assigned] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210218 [jira] [Updated] (HIVE-24787) Hive - upgrade log4j 2.12.1 to 2.13.2+ due to CVE-2020-9488", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75@%3Cissues.hive.apache.org%3E", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "[flink-issues] 20210510 [GitHub] [flink] zentol opened a new pull request #15879: [FLINK-22407][build] Bump log4j to 2.24.1", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a@%3Cissues.flink.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[kafka-users] 20210617 vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5020", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5020", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2852-1] apache-log4j2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-9488", datePublished: "2020-04-27T15:36:10", dateReserved: "2020-03-01T00:00:00", dateUpdated: "2024-08-04T10:26:16.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-2722
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:26
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040214 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102673 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Financial Services Price Creation and Discovery |
Version: 8.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:29:44.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040214", }, { name: "102673", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102673", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-2722", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:24:54.517182Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T20:26:21.834Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Financial Services Price Creation and Discovery", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "8.0.5", }, ], }, ], datePublic: "2018-01-03T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-18T10:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040214", }, { name: "102673", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102673", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2018-2722", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Financial Services Price Creation and Discovery", version: { version_data: [ { version_affected: "=", version_value: "8.0.5", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040214", }, { name: "102673", refsource: "BID", url: "http://www.securityfocus.com/bid/102673", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2018-2722", datePublished: "2018-01-18T02:00:00", dateReserved: "2017-12-15T00:00:00", dateUpdated: "2024-10-03T20:26:21.834Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11022
Vulnerability from cvelistv5
Published
2020-04-29 00:00
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-4693", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { name: "FEDORA-2020-11be4b36d4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { name: "FEDORA-2020-36d2db5f51", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_transferred", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { tags: [ "x_transferred", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { tags: [ "x_transferred", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { tags: [ "x_transferred", ], url: "https://www.drupal.org/sa-core-2020-002", }, { name: "openSUSE-SU-2020:1060", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { name: "GLSA-202007-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-03", }, { name: "openSUSE-SU-2020:1106", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { name: "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { name: "FEDORA-2020-fbb94073a1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { name: "FEDORA-2020-0b32a59b54", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { name: "FEDORA-2020-fe94df8c34", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { name: "openSUSE-SU-2020:1888", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { name: "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-11", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-10", }, { name: "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { name: "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { name: "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-02", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jQuery", vendor: "jquery", versions: [ { status: "affected", version: ">= 1.2, < 3.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-31T02:06:33.630688", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "DSA-4693", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { name: "FEDORA-2020-11be4b36d4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { name: "FEDORA-2020-36d2db5f51", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { url: "https://jquery.com/upgrade-guide/3.5/", }, { url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { url: "https://www.drupal.org/sa-core-2020-002", }, { name: "openSUSE-SU-2020:1060", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { name: "GLSA-202007-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { name: "openSUSE-SU-2020:1106", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { name: "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { name: "FEDORA-2020-fbb94073a1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { name: "FEDORA-2020-0b32a59b54", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { name: "FEDORA-2020-fe94df8c34", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { name: "openSUSE-SU-2020:1888", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { name: "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.tenable.com/security/tns-2020-11", }, { url: "https://www.tenable.com/security/tns-2020-10", }, { name: "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { name: "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { name: "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { name: "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.tenable.com/security/tns-2021-10", }, { url: "https://www.tenable.com/security/tns-2021-02", }, { url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, ], source: { advisory: "GHSA-gxr4-xjj5-5px2", discovery: "UNKNOWN", }, title: "Potential XSS vulnerability in jQuery", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-11022", datePublished: "2020-04-29T00:00:00", dateReserved: "2020-03-30T00:00:00", dateUpdated: "2024-08-04T11:21:14.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9546
Vulnerability from cvelistv5
Published
2020-03-02 03:59
Modified
2024-08-04 10:34
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:34:39.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", }, { name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2631", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200904-0006/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:40:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", }, { name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2631", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200904-0006/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-9546", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", }, { name: "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2631", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2631", }, { name: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200904-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200904-0006/", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-9546", datePublished: "2020-03-02T03:59:18", dateReserved: "2020-03-02T00:00:00", dateUpdated: "2024-08-04T10:34:39.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10673
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://github.com/FasterXML/jackson-databind/issues/2660 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-10673", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:47.873963Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:56:37.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:06:10.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2660", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2660", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10673", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2660", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2660", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10673", datePublished: "2020-03-18T21:17:26", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:10.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2942
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 18:47
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Financial Services Price Creation and Discovery |
Version: 8.0.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:24:00.343Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2942", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:00:28.066916Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:47:53.472Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Financial Services Price Creation and Discovery", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "8.0.7", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T13:29:53", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2942", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Financial Services Price Creation and Discovery", version: { version_data: [ { version_affected: "=", version_value: "8.0.7", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "7.1", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2942", datePublished: "2020-04-15T13:29:53", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-27T18:47:53.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-2721
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:26
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040214 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102668 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Financial Services Price Creation and Discovery |
Version: 8.0.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T04:29:44.362Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040214", }, { name: "102668", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102668", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-2721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:20:21.589430Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T20:26:28.313Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Financial Services Price Creation and Discovery", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "8.0.5", }, ], }, ], datePublic: "2018-01-03T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-18T10:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040214", }, { name: "102668", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102668", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2018-2721", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Financial Services Price Creation and Discovery", version: { version_data: [ { version_affected: "=", version_value: "8.0.5", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "1040214", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040214", }, { name: "102668", refsource: "BID", url: "http://www.securityfocus.com/bid/102668", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2018-2721", datePublished: "2018-01-18T02:00:00", dateReserved: "2017-12-15T00:00:00", dateUpdated: "2024-10-03T20:26:28.313Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10969
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://github.com/FasterXML/jackson-databind/issues/2642 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-10969", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:45.779442Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:58:54.159Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:21:13.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2642", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2642", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10969", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2642", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2642", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10969", datePublished: "2020-03-26T12:43:34", dateReserved: "2020-03-26T00:00:00", dateUpdated: "2024-08-04T11:21:13.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10672
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://github.com/FasterXML/jackson-databind/issues/2659 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "2.0.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-10672", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:48.872316Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:56:32.131Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:06:11.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2659", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2659", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-10672", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2659", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2659", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-10672", datePublished: "2020-03-18T21:17:43", dateReserved: "2020-03-18T00:00:00", dateUpdated: "2024-08-04T11:06:11.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11112
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200403-0002/ | x_refsource_CONFIRM | |
| https://github.com/FasterXML/jackson-databind/issues/2666 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jackson-databind", vendor: "fasterxml", versions: [ { lessThan: "2.9.10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "8.0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "steelstore_cloud_integrated_storage", vendor: "netapp", versions: [ { status: "affected", version: "*", }, ], }, { cpes: [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "agile_plm", vendor: "oracle", versions: [ { status: "affected", version: "9.3.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "autovue_for_agile_product_lifecycle_management", vendor: "oracle", versions: [ { status: "affected", version: "21.0.2", }, ], }, { cpes: [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "banking_digital_experience", vendor: "oracle", versions: [ { lessThanOrEqual: "18.3", status: "affected", version: "18.1", versionType: "custom", }, { lessThanOrEqual: "19.2", status: "affected", version: "19.1", versionType: "custom", }, { status: "affected", version: "20.1", }, { lessThanOrEqual: "2.9.0", status: "affected", version: "2.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_calendar_server", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.0.5.0", status: "affected", version: "8.0.0.4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_diameter_signaling_router", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_element_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_evolved_communications_application_server", vendor: "oracle", versions: [ { status: "affected", version: "7.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_instant_messaging_server", vendor: "oracle", versions: [ { status: "affected", version: "10.0.1.4.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { status: "affected", version: "6.0.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_network_charging_and_control", vendor: "oracle", versions: [ { lessThanOrEqual: "12.0.3", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "communications_session_route_manager", vendor: "oracle", versions: [ { lessThanOrEqual: "8.2.2", status: "affected", version: "8.2.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "enterprise_manager_base_platform", vendor: "oracle", versions: [ { lessThanOrEqual: "13.4.0.0", status: "affected", version: "13.3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_analytical_applications_infrastructure", vendor: "oracle", versions: [ { lessThanOrEqual: "8.1.0", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_institutional_performance_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, { status: "affected", version: "8.0.7", }, { status: "affected", version: "8.1.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_price_creation_and_discovery", vendor: "oracle", versions: [ { lessThanOrEqual: "8.0.7", status: "affected", version: "8.0.6", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "financial_services_retail_customer_analytics", vendor: "oracle", versions: [ { status: "affected", version: "8.0.6", }, ], }, { cpes: [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "global_lifecycle_management_opatch", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.0.1.20", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "insurance_policy_administration_j2ee", vendor: "oracle", versions: [ { lessThan: "11.1.0.15", status: "affected", version: "11.0.2.25", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jd_edwards_enterpriseone_orchestrator", vendor: "oracle", versions: [ { lessThanOrEqual: "9.2.4.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "primavera_unifier", vendor: "oracle", versions: [ { status: "affected", version: "16.1", }, { status: "affected", version: "16.2", }, { lessThanOrEqual: "17.12", status: "affected", version: "17.7", versionType: "custom", }, { status: "affected", version: "18.8", }, { status: "affected", version: "19.12", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_merchandising_system", vendor: "oracle", versions: [ { status: "affected", version: "15.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_sales_audit", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_service_backbone", vendor: "oracle", versions: [ { status: "affected", version: "14.1", }, { status: "affected", version: "15.0", }, { status: "affected", version: "16.0", }, ], }, { cpes: [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "retail_xstore_point_of_service", vendor: "oracle", versions: [ { lessThanOrEqual: "19.0", status: "affected", version: "15.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "weblogic_server", vendor: "oracle", versions: [ { lessThanOrEqual: "12.2.1.4.0", status: "affected", version: "12.2.1.3.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-11112", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-25T04:00:42.504958Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:17.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T11:21:14.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/FasterXML/jackson-databind/issues/2666", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-10-20T10:38:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/FasterXML/jackson-databind/issues/2666", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11112", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { name: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", refsource: "MISC", url: "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200403-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { name: "https://github.com/FasterXML/jackson-databind/issues/2666", refsource: "MISC", url: "https://github.com/FasterXML/jackson-databind/issues/2666", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11112", datePublished: "2020-03-31T04:37:41", dateReserved: "2020-03-31T00:00:00", dateUpdated: "2024-08-04T11:21:14.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (también se conoce como aries.transaction.jms).", }, ], id: "CVE-2020-10672", lastModified: "2024-11-21T04:55:49.050", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-18T22:15:12.313", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2659", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2659", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "9FB021E3-0529-4F99-B880-66FDAC2F889D", versionEndExcluding: "2.6.7.4", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con com.caucho.config.types.ResourceRef (también se conoce como caucho-quercus).", }, ], id: "CVE-2020-10673", lastModified: "2024-11-21T04:55:49.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-18T22:15:12.407", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2660", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2660", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-27 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "8E5C8636-6A10-4B28-A8CA-E6E33D0CE689", versionEndExcluding: "2.3.2", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "19DA22A8-0B29-4181-B44E-57D28D9DB331", versionEndExcluding: "2.12.3", versionStartIncluding: "2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", matchCriteriaId: "CDCA55AC-0DB9-430E-B0EE-858C0D507BEC", versionEndExcluding: "2.13.2", versionStartIncluding: "2.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*", matchCriteriaId: "C6092C11-7779-451C-94F9-24FA2F2010FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", matchCriteriaId: "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "49ACFC73-A509-4D1C-8FC3-F68F495AB055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "615C7D0D-A9D5-43BA-AF61-373EC1095354", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "F2BB6A71-6AF6-4C0B-9304-4111E32108D4", versionEndIncluding: "8.1.0.0.0", versionStartIncluding: "8.0.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*", matchCriteriaId: "EB4FBBDC-0AAF-4E9B-9902-02E7B4EF4E68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "080BBC04-92B9-4910-8859-44097610C016", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "6EC0B307-B9D2-497B-81CF-B435ABFB1CFA", versionEndIncluding: "11.7.0", versionStartIncluding: "11.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DEFE7E72-D419-4040-81AB-B4934C13909F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C666FA96-3809-475C-B68F-29E59BD51959", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0.37:*:*:*:*:*:*:*", matchCriteriaId: "F10A0811-E8DA-4A8C-ACD4-424B278324BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4.12:*:*:*:*:*:*:*", matchCriteriaId: "1AECBFB1-D3BC-49ED-9DE8-E51AE25B10CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0.26:*:*:*:*:*:*:*", matchCriteriaId: "41FDC9F1-6F9F-4579-828E-BD07F3D2B3D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0.37:*:*:*:*:*:*:*", matchCriteriaId: "CFC17C75-5423-4215-8E72-F41DDDC1C5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4.12:*:*:*:*:*:*:*", matchCriteriaId: "6F16267D-963E-41B2-B809-EBBFF44C5097", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "9C6B223B-84FE-4B1E-B2E7-AB5E614D1D79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "F1A71170-4959-41E8-A0E3-E463522E6F30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0.26:*:*:*:*:*:*:*", matchCriteriaId: "F36E966F-541C-4F6E-9FEF-5E4DB99DFDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oracle_goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F607BB7D-BC1D-4153-B2B8-DB2B71EB7B98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", matchCriteriaId: "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44357172-4035-4D57-9C83-D80BDDE8E8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "254D8CE1-E821-44A6-9CAF-03D03986478B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "360B307A-3D7F-4B38-8248-76CF8318B023", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*", matchCriteriaId: "CBEEB907-B163-43FF-86DE-4387123DCC4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "1240ECE3-BF51-4558-B3B5-682F202BF938", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_insights_cloud_service_suite:19.0:*:*:*:*:*:*:*", matchCriteriaId: "C2774D05-D03B-4754-814E-7554351CB9F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*", matchCriteriaId: "CE7DB324-98A0-40AD-96D4-0800340F6F3A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", matchCriteriaId: "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "80BF5DE6-E786-4207-BA3F-E8052860B25D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "28BE7634-CB02-4808-AB78-E7C6C3CDA6FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "8B7C509B-9DD8-4926-A0A8-0F5C0216CBEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.1:*:*:*:*:*:*:*", matchCriteriaId: "26862826-409F-487F-9E8F-C72E9016AB02", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.2:*:*:*:*:*:*:*", matchCriteriaId: "7BA45E7A-4386-42D3-9384-C59DD8F7386F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker_cloud_service:19.3:*:*:*:*:*:*:*", matchCriteriaId: "1F9D6342-451D-40D7-9CC7-638B003B5EFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6D325A0-3441-41AC-B00F-F2A7F85370A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*", matchCriteriaId: "78D8F551-8DC8-4510-8350-AE6BC64748DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", matchCriteriaId: "490B2C44-CECD-4551-B04F-4076D0E053C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*", matchCriteriaId: "7AACBCC9-FDAC-42DF-B931-BD908CAF5C65", versionEndIncluding: "21.9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "0D9E0011-6FF5-4C90-9780-7A1297BB09BF", versionEndIncluding: "21.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "789DA537-09EA-485F-B41A-CB7E0B513C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:18c:*:*:*:*:*:*:*", matchCriteriaId: "8D379FFE-8A9A-4B9F-B4E3-5315BA4F973E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_and_graph:19c:*:*:*:*:*:*:*", matchCriteriaId: "05508099-EEB4-4CE6-8621-D07A5B8B16D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7737E073-B46E-456E-807C-FBEA43872A33", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D883EED9-CC64-479D-9C0A-35EB16F43AB4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qos:reload4j:*:*:*:*:*:*:*:*", matchCriteriaId: "84E23FBA-2A0E-426E-8912-193C33E351EE", versionEndExcluding: "1.2.18.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", }, { lang: "es", value: "Validación incorrecta del certificado con desajuste de host en el apéndice SMTP de Apache Log4j. Esto podría permitir que una conexión SMTPS fuera interceptada por un ataque de tipo man-in-the-middle que podría filtrar cualquier mensaje de registro enviado a través de ese appender. Corregido en Apache Log4j 2.12.3 y 2.13.1", }, ], id: "CVE-2020-9488", lastModified: "2024-11-21T05:40:45.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-27T16:15:12.897", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/LOG4J2-2819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0a2699f724156a558afd1abb6c044fb9132caa66dce861b82699722a%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0df3d7a5acb98c57e64ab9266aa21eeee1d9b399addb96f9cf1cbe05%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1fc73f0e16ec2fa249d3ad39a5194afb9cc5afb4c023dc0bab5a5881%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r22a56beb76dd8cf18e24fda9072f1e05990f49d6439662d3782a392f%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2f209d271349bafd91537a558a279c08ebcff8fa3e547357d58833e6%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r33864a0fc171c1c4bf680645ebb6d4f8057899ab294a43e1e4fe9d04%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r393943de452406f0f6f4b3def9f8d3c071f96323c1f6ed1a098f7fe4%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3d1d00441c55144a4013adda74b051ae7864128ebcfb6ee9721a2eb3%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4285398e5585a0456d3d9db021a4fce6e6fcf3ec027dfa13a450ec98%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r45916179811a32cbaa500f972de9098e6ee80ee81c7f134fce83e03a%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r48bcd06049c1779ef709564544c3d8a32ae6ee5c3b7281a606ac4463%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r48efc7cb5aeb4e1f67aaa06fb4b5479a5635d12f07d0b93fc2d08809%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4d5dc9f3520071338d9ebc26f9f158a43ae28a91923d176b550a807b%40%3Cdev.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4db540cafc5d7232c62e076051ef661d37d345015b2e59b3f81a932f%40%3Cdev.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4ed1f49616a8603832d378cb9d13e7a8b9b27972bb46d946ccd8491f%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5a68258e5ab12532dc179edae3d6e87037fa3b50ab9d63a90c432507%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r65578f3761a89bc164e8964acd5d913b9f8fd997967b195a89a97ca3%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7641ee788e1eb1be4bb206a7d15f8a64ec6ef23e5ec6132d5a567695%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7e5c10534ed06bf805473ac85e8412fe3908a8fa4cabf5027bf11220%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r7e739f2961753af95e2a3a637828fb88bfca68e5d6b0221d483a9ee5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8c001b9a95c0bbec06f4457721edd94935a55932e64b82cc5582b846%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8e96c340004b7898cad3204ea51280ef6e4b553a684e1452bf1b18b1%40%3Cjira.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9776e71e3c67c5d13a91c1eba0dc025b48b802eb7561cc6956d6961c%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9a79175c393d14d760a0ae3731b4a873230a16ef321aa9ca48a810cd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra051e07a0eea4943fa104247e69596f094951f51512d42c924e86c75%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra632b329b2ae2324fabbad5da204c4ec2e171ff60348ec4ba698fd40%40%3Cissues.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc45eb0f53fd6242af3e666c2189464f848a851d408289840cecc6e3%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc6b81c013618d1de1b5d6b8c1088aaf87b4bacc10c2371f15a566701%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd55f65c6822ff235eda435d31488cfbb9aa7055cdf47481ebee777cc%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd8e87c4d69df335d0ba7d815b63be8bd8a6352f429765c52eb07ddac%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re024d86dffa72ad800f2848d0c77ed93f0b78ee808350b477a6ed987%40%3Cgitbox.hive.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rec34b1cccf907898e7cb36051ffac3ccf1ea89d0b261a2a3b3fb267f%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1c2a81a08034c688b8f15cf58a4cfab322d00002ca46d20133bee20%40%3Cdev.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200504-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-5020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.commons.proxy.provider.remoting.RmiProvider (también se conoce como apache/commons-proxy).", }, ], id: "CVE-2020-11112", lastModified: "2024-11-21T04:56:49.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-31T05:15:13.070", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2666", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2666", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | financial_services_price_creation_and_discovery | 8.0.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Financial Services Price Creation and Discovery de Oracle Financial Services (componente: User Interface). La versión compatible que está afectada es la 8.0.7. Una vulnerabilidad explotable fácilmente permite a un atacante poco privilegiado con acceso a la red por medio de HTTP comprometer a Oracle Financial Services Price Creation and Discovery. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles de Oracle Financial Services Price Creation and Discovery, así como también en el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Financial Services Price Creation and Discovery. CVSS 3.0 Puntuación Base 7.1 (Impactos de la confidencialidad y la integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).", }, ], id: "CVE-2020-2942", lastModified: "2024-11-21T05:26:41.610", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "secalert_us@oracle.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T14:15:36.920", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/102673 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1040214 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102673 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040214 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | financial_services_price_creation_and_discovery | 8.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "437CB468-B59D-4F0A-9E83-912D9A65A9A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Price Creation and Discovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized read access to a subset of Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", }, { lang: "es", value: "Vulnerabilidad en el componente Oracle Financial Services Price Creation and Discovery de Oracle Financial Services Applications (subcomponente: User Interface). La versión compatible afectada es la 8.0.5. Una vulnerabilidad fácilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Oracle Financial Services Price Creation and Discovery. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en Oracle Financial Services Price Creation and Discovery, los ataques podrían afectar ligeramente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualización, inserción o supresión de algunos de los datos accesibles de Oracle Financial Services Price Creation and Discovery, así como el acceso de lectura sin autorización de un subconjunto de datos accesibles de Oracle Financial Services Price Creation and Discovery. CVSS 3.0 Base Score 6.1 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).", }, ], id: "CVE-2018-2722", lastModified: "2024-11-21T04:04:19.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-18T02:29:24.947", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102673", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040214", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-20 00:29
Modified
2024-11-21 04:20
Severity ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D193C7-2259-492F-8B85-E74C57A7426A", versionEndExcluding: "3.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "FC5AB839-4DAC-45E7-9D0B-B528F6D12043", versionEndExcluding: "7.66", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "9106BF81-B898-4EB0-B63C-9919D3B22260", versionEndExcluding: "8.5.15", versionStartIncluding: "8.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "9B37281E-9B44-42A5-AE0A-17CE6770995C", versionEndExcluding: "8.6.15", versionStartIncluding: "8.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", matchCriteriaId: "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB", versionEndExcluding: "1.11.9", versionStartIncluding: "1.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*", matchCriteriaId: "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4", versionEndExcluding: "1.12.6", versionStartIncluding: "1.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9273745-6408-4CD3-94E8-9385D4F5FE69", versionEndIncluding: "3.1.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", matchCriteriaId: "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", matchCriteriaId: "9FA1A18F-D997-4121-A01B-FD9B3BF266CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*", matchCriteriaId: "230E2167-9107-4994-8328-295575E17DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "900D2344-5160-42A0-8C49-36DBC7FF3D87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", matchCriteriaId: "90CFEC52-A574-493E-A2AC-0EC21851BBFA", versionEndExcluding: "19.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3665B8A2-1F1A-490F-B01D-5B3455A6A539", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A8577D60-A711-493D-9246-E49D0E2B07E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "17EA8B91-7634-4636-B647-1049BA7CA088", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5B4DF46F-DBCC-41F2-A260-F83A14838F23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*", matchCriteriaId: "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "10F17843-32EA-4C31-B65C-F424447BEF7B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*", matchCriteriaId: "C784CEE8-F071-4583-A72D-F46C7C95FEC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*", matchCriteriaId: "660DB443-6250-4956-ABD1-C6A522B8DCCA", versionEndIncluding: "2.8.0", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "3625D477-1338-46CB-90B1-7291D617DC39", versionEndIncluding: "2.10.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "274A0CF5-41E8-42E0-9931-F7372A65B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", matchCriteriaId: "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", matchCriteriaId: "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", matchCriteriaId: "7231AF76-3D46-41C4-83E9-6E9E12940BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "C4534CF9-D9FD-4936-9D8C-077387028A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FCA44E38-EB8C-4E2D-8611-B201F47520E9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "1A0E3537-CB5A-40BF-B42C-CED9211B8892", versionEndIncluding: "16.4.0", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*", matchCriteriaId: "4E16A16E-BFA3-4D17-9B4E-B42ADE725356", versionEndIncluding: "6.4", versionStartIncluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "9264AF8A-3819-40E5-BBCB-3B6C95A0D828", versionEndIncluding: "4.3", versionStartIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", matchCriteriaId: "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*", matchCriteriaId: "E3517A27-E6EE-497C-9996-F78171BBE90F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "DB43DFD4-D058-4001-BD19-488E059F4532", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "086E2E5C-44EB-4C07-B298-C04189533996", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AA77B994-3872-4059-854B-0974AA5593D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5682DAEB-3810-4541-833A-568C868BCE0B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", matchCriteriaId: "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "8198E762-9AD9-452B-B1AF-516E52436B7D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*", matchCriteriaId: "D0D177F6-25D9-4696-8528-3F57D91BAC12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*", matchCriteriaId: "80B6D265-9D72-45C3-AA2C-5B186E23CDAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", versionEndIncluding: "7.3.5", versionStartIncluding: "7.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "FA699B16-5100-4485-9BB7-85B247743B17", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E00BA1-E643-45D9-97D3-EF12C29DB262", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "703DA91D-3440-4C67-AA20-78F71B1376DD", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "A180039F-22C3-458E-967D-E07C61C69FAF", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F6B8C-2044-4E68-98BD-37B0CD108434", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "73E05211-8415-42FB-9B93-959EB03B090B", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "CF6A5433-A7D9-4521-9D28-E7684FB76E5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", matchCriteriaId: "AC15899F-8528-4D10-8CD5-F67121D7F293", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "30657F1B-D1FC-4EE6-9854-18993294A01D", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "30F0991A-8507-48C4-9A8E-DE5B28C46A99", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00ED7CB0-96F7-4089-9047-A3AC241139C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*", matchCriteriaId: "005E458D-4059-4E20-A620-B25DEBCE40C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "74008AEE-589F-423E-8D77-EA54C36D776A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "FD85DB06-692F-4E81-BEB7-1E41B438D1FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6C521C-F104-4E26-82F2-6F63F94108BC", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "402B8642-7ACC-4F42-87A9-AB4D3B581751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*", matchCriteriaId: "2163B848-D684-4B17-969A-36E0866C5749", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "00615085-65B2-4211-A766-551842B3356F", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*", matchCriteriaId: "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "669BA301-4D29-4692-823B-CDEDD2A5BD18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "419559E6-5441-4335-8FE1-6ADAAD9355DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "036E4450-53C6-4322-9C7D-91DA94C9A3C9", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "89C26226-A3CF-4D36-BBDA-80E298E0A51F", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "F67D1332-621E-4756-B205-97A5CF670A19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6748C867-0A52-452B-B4D6-DA80396F4152", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A64B5C4C-DF69-4292-A534-EDC5955CDDAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C7141C66-0384-4BA1-A788-91DEB7EF1361", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B1F726C6-EA5A-40FF-8809-4F48E4AE6976", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CD7C26E3-BB0D-4218-8176-319AEA2925C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "DD67072F-3CFC-480D-9360-81A05D523318", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: "652E762A-BCDD-451E-9DE3-F1555C1E4B16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", matchCriteriaId: "7BFD7783-BE15-421C-A550-7FE15AB53ABF", versionEndIncluding: "19.1.2", versionStartIncluding: "19.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "AA10CA55-C155-4DAD-A109-87A80116F1A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "92D538A5-819D-4DF7-85FE-4D4EB6E230E0", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AEDA3A88-002B-4700-9277-3187C0A3E4B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "BE886BC5-F807-4627-8233-2290817FE205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "37EB4A1D-A875-46B7-BEB0-694D1F400CF7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2233F287-6B9F-4C8A-A724-959DD3AD29AF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2381FAB6-8D36-4389-98E4-74F3462654BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*", matchCriteriaId: "9E587602-BA7D-4087-BE29-ACE0B01BD590", versionEndIncluding: "8.6.3", versionStartIncluding: "8.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "84668F58-6511-4E53-8213-13B440F454C1", versionEndIncluding: "12.2.15", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9D8B3B57-73D6-4402-987F-8AE723D52F94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "62BF043E-BCB9-433D-BA09-7357853EE127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "3F26FB80-F541-4B59-AC3C-633F49388B59", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "12D3B2F0-E9C7-432B-91C6-A6C329A84B78", versionEndIncluding: "12.2.15", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32", versionEndIncluding: "16.2.11", versionStartIncluding: "16.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED", versionEndIncluding: "17.12.7", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF", versionEndIncluding: "18.8.9", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "69112C56-7747-4E11-A938-85A481529F58", versionEndIncluding: "19.12.4", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*", matchCriteriaId: "D9E628E7-6CC5-418C-939F-8EEA69B222A0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "99579D88-27C0-4B93-B2F4-69B6781BC4BD", versionEndIncluding: "2.3.0.3", versionStartIncluding: "2.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", matchCriteriaId: "36FC547E-861A-418C-A314-DA09A457B13A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", matchCriteriaId: "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", matchCriteriaId: "E69E905F-2E1A-4462-9082-FF7B10474496", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", matchCriteriaId: "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*", matchCriteriaId: "C5F4C40E-3ABC-4C59-B226-224262DCFF37", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "83B5F416-56AE-4DC5-BCFF-49702463E716", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", matchCriteriaId: "237968A4-AE89-44DC-8BA3-D9651F88883D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "70BEF219-45EC-4A53-A815-42FBE20FC300", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*", matchCriteriaId: "2AA4E307-D5FA-461D-9809-BDD123AE7B74", versionEndIncluding: "19.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*", matchCriteriaId: "A7961BBD-6411-4D32-947D-3940221C235B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*", matchCriteriaId: "162C6FD9-AEC2-4EBA-A163-3054840B8ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A6879D52-A44E-4DF8-8A3A-3613822EB469", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5AAF89C1-AAC2-449C-90C1-895F5F8843B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*", matchCriteriaId: "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1", versionEndIncluding: "2.3.0.3", versionStartIncluding: "2.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D551CAB1-4312-44AA-BDA8-A030817E153A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", matchCriteriaId: "C63557DE-E65B-46F4-99C4-247EACCB7BBA", versionEndIncluding: "3.9.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", matchCriteriaId: "216E7DDE-453D-481F-92E2-9F8466CDDA3F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.", }, { lang: "es", value: "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propiedad enumerable __proto__, podría extender el Object.prototype nativo.", }, ], id: "CVE-2019-11358", lastModified: "2024-11-21T04:20:56.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-20T00:29:00.247", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108023", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/4333", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2019-006", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-08", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHBA-2019:1570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://backdropcms.org/security/backdrop-sa-core-2019-009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/4333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Apr/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190919-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://snyk.io/vuln/SNYK-JS-JQUERY-174006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2019-006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-02", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-29 22:15
Modified
2024-11-21 04:56
Severity ?
6.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "B5CFA4CA-5296-4B78-8D65-34FC63A09DEF", versionEndExcluding: "3.5.0", versionStartIncluding: "1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "70C672EE-2027-4A29-8C14-3450DEF1462A", versionEndExcluding: "7.70", versionStartIncluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "BBFE42E2-6583-4EBE-B320-B8CF9CA0C3BC", versionEndExcluding: "8.7.14", versionStartIncluding: "8.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", matchCriteriaId: "7BA49DB0-ECC3-4155-B76C-0CA292600DE6", versionEndExcluding: "8.8.6", versionStartIncluding: "8.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D0DBC938-A782-433F-8BF1-CA250C332AA7", versionEndExcluding: "21.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", matchCriteriaId: "FAFED7F5-03FA-43B5-AD13-1130F0324448", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "1A0E3537-CB5A-40BF-B42C-CED9211B8892", versionEndIncluding: "16.4.0", versionStartIncluding: "16.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "F2BB6A71-6AF6-4C0B-9304-4111E32108D4", versionEndIncluding: "8.1.0.0.0", versionStartIncluding: "8.0.6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "AD080793-FC45-4260-8E45-40E228F432FC", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FCD1EC13-CC2F-4668-90D2-D8609066F2DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "C5E0646D-4866-41FB-AE2E-5307B6F4004A", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "B37FC113-4F40-4D29-8712-7AD250373008", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "712577A9-04D6-4579-A82B-72200E467399", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "987A0C35-4C7F-4FFB-B47B-37B69A32F879", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "8B3B6BE3-4C5A-402F-832C-86A0A6234C25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "34070F24-2E53-43EC-9117-E1434B2C4C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B9B2C2F6-235F-4E78-A299-18C041C05C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "6662C783-5B5C-4559-89F5-1A681AA46A3E", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "2A333755-4B6E-4A0F-AC48-4CEA70CD5801", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "501B9331-6BB7-44BF-A664-180CAFABF88C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", matchCriteriaId: "AED72F90-3B68-45AC-865C-110F7FD30D37", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "4F909C61-1A74-402C-B74F-BAF7297875B0", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "609D6EDF-D4D0-4370-9B8B-CA39D41946C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*", matchCriteriaId: "7BFD7783-BE15-421C-A550-7FE15AB53ABF", versionEndIncluding: "19.1.2", versionStartIncluding: "19.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "B7DB4831-F874-4D9D-AB58-BE4A554891EA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*", matchCriteriaId: "FD1FCB0D-3E19-4461-9330-4D7F02972A35", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9273745-6408-4CD3-94E8-9385D4F5FE69", versionEndIncluding: "3.1.3", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4ACF85D6-6B45-43DA-9C01-F0208186F014", versionEndExcluding: "6.0.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CA6F2E4C-C935-40CF-972E-8C3D8A912134", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "59830587-A6B0-4642-B566-6FD8792F7716", versionEndIncluding: "20.1", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*", matchCriteriaId: "B796AC70-A220-48D8-B8CD-97CF57227962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", matchCriteriaId: "790A89FD-6B86-49AE-9B4F-AE7262915E13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*", matchCriteriaId: "FAFED7F5-03FA-43B5-AD13-1130F0324448", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", matchCriteriaId: "726DB59B-00C7-444E-83F7-CB31032482AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "AD080793-FC45-4260-8E45-40E228F432FC", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2ACA29E6-F393-46E5-B2B3-9158077819A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "FCD1EC13-CC2F-4668-90D2-D8609066F2DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "4D614F76-0AA1-4EA8-A24A-38EFC90EF5DB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "39B8DFFF-B037-4F29-8C8E-F4BBC3435199", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*", matchCriteriaId: "C5E0646D-4866-41FB-AE2E-5307B6F4004A", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*", matchCriteriaId: "B37FC113-4F40-4D29-8712-7AD250373008", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00E5D719-249D-48B8-BAFC-1E14D250B3F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "712577A9-04D6-4579-A82B-72200E467399", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "672949B4-1989-4AA7-806F-EEC07D07F317", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "987A0C35-4C7F-4FFB-B47B-37B69A32F879", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "8B3B6BE3-4C5A-402F-832C-86A0A6234C25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "9476D1DA-C8A8-40A0-94DD-9B46C05FD461", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "34070F24-2E53-43EC-9117-E1434B2C4C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "B9B2C2F6-235F-4E78-A299-18C041C05C9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F727AAC6-6D9F-4B28-B07C-6A93916C43A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "6662C783-5B5C-4559-89F5-1A681AA46A3E", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "51C17460-D326-4525-A7D1-0AED53E75E18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "6149C89E-0111-4CF9-90CA-0662D2F75E04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "6CDDF6CA-6441-4606-9D2F-22A67BA46978", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "2A333755-4B6E-4A0F-AC48-4CEA70CD5801", versionEndIncluding: "8.0.8", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "397B1A24-7C95-4A73-8363-4529A7F6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D262848E-AA24-4057-A747-6221BA22ADF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "501B9331-6BB7-44BF-A664-180CAFABF88C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "F2A3AE3C-8E24-4FB6-9954-9B50CBD59B21", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F8E565DA-91BE-44FC-A28F-579BE8D2281A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:*", matchCriteriaId: "AED72F90-3B68-45AC-865C-110F7FD30D37", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*", matchCriteriaId: "4F909C61-1A74-402C-B74F-BAF7297875B0", versionEndIncluding: "8.0.9", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*", matchCriteriaId: "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B95E8056-51D8-4390-ADE3-661B7AE1D7CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "609D6EDF-D4D0-4370-9B8B-CA39D41946C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9059A907-508B-4844-8D7B-0FA68C0DF6A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*", matchCriteriaId: "1F7BF047-03C5-4A60-B718-E222B16DBF41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*", matchCriteriaId: "E3A73D81-3E1A-42E6-AB96-835CDD5905F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*", matchCriteriaId: "351F9DE9-2FCE-4BCA-A098-CDFB07E6E4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*", matchCriteriaId: "66136D6D-FC52-40DB-B7B6-BA8B7758CE16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "06514F46-544B-4404-B45C-C9584EBC3131", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3BD4BF9A-BF38-460D-974D-5B3255AAF946", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D10745C6-2751-4FD0-BDFA-84C7AB8066BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "B47C73D0-BE89-4D87-8765-12C507F13AFF", versionEndIncluding: "5.6.0.0", versionStartIncluding: "5.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5B8AA91A-1880-43CD-938D-48EF58ACF2CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "15512D27-7BEB-4DDD-9A1B-447FC7156E3D", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*", matchCriteriaId: "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*", matchCriteriaId: "90F0B2AB-453C-4585-8753-74D17BD20C79", versionEndIncluding: "12.2.20", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", matchCriteriaId: "31C7EEA3-AA72-48DA-A112-2923DBB37773", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*", matchCriteriaId: "959316A8-C3AF-4126-A242-3835ED0AD1E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*", matchCriteriaId: "98B9198C-11DF-4E80-ACFC-DC719CED8C7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B40B13B7-68B3-4510-968C-6A730EB46462", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.", }, { lang: "es", value: "En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versión 3.5.0, se puede ejecutar HTML desde fuentes no seguras, incluso después de desinfectarlo, a uno de los métodos de manipulación DOM de jQuery (es decir .html (), .append () y otros). código no seguro Este problema está corregido en jQuery 3.5.0.", }, ], id: "CVE-2020-11022", lastModified: "2024-11-21T04:56:36.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4.7, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-29T22:15:11.903", references: [ { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { source: "security-advisories@github.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2020-002", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security-advisories@github.com", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-10", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-02", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://jquery.com/upgrade-guide/3.5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200511-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.drupal.org/sa-core-2020-002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.aoju.bus.proxy.provider.remoting.RmiProvider (también se conoce como bus-proxy).", }, ], id: "CVE-2020-10968", lastModified: "2024-11-21T04:56:28.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-26T13:15:12.970", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2662", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-02 04:15
Modified
2024-11-21 05:40
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "29BC94E0-FEBC-4E86-825C-0101DC339852", versionEndExcluding: "2.7.9.7", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "04F30C23-46F8-4F58-807B-002C5E96B7F7", versionEndExcluding: "2.8.11.6", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", matchCriteriaId: "9FBC1BD0-FF12-4691-8751-5F245D991989", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*", matchCriteriaId: "EB4FBBDC-0AAF-4E9B-9902-02E7B4EF4E68", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4 maneja inapropiadamente la interacción entre la serialización de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (también se conoce como shaded hikari-config).", }, ], id: "CVE-2020-9546", lastModified: "2024-11-21T05:40:50.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-02T04:15:10.843", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2631", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200904-0006/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200904-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-18 02:29
Modified
2024-11-21 04:04
Severity ?
Summary
Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
| secalert_us@oracle.com | http://www.securityfocus.com/bid/102668 | Third Party Advisory, VDB Entry | |
| secalert_us@oracle.com | http://www.securitytracker.com/id/1040214 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102668 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040214 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | financial_services_price_creation_and_discovery | 8.0.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "437CB468-B59D-4F0A-9E83-912D9A65A9A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Price Creation and Discovery. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Price Creation and Discovery accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Price Creation and Discovery accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el componente Oracle Financial Services Price Creation and Discovery de Oracle Financial Services Applications (subcomponente: User Interface). La versión compatible afectada es la 8.0.5. Una vulnerabilidad fácilmente explotable permite que un atacante con pocos privilegios que tenga acceso a red por HTTP comprometa la seguridad de Oracle Financial Services Price Creation and Discovery. Los ataques exitosos a esta vulnerabilidad pueden resultar en la creación, supresión o modificación sin autorización de datos de suma importancia o de todos los datos accesibles de Oracle Financial Services Price Creation and Discovery, así como el acceso sin autorización a datos de nivel de importancia crítico o todos los datos accesibles de Oracle Financial Services Price Creation and Discovery. CVSS 3.0 Base Score 8.1 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).", }, ], id: "CVE-2018-2721", lastModified: "2024-11-21T04:04:19.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-18T02:29:24.897", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102668", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040214", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "29BC94E0-FEBC-4E86-825C-0101DC339852", versionEndExcluding: "2.7.9.7", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "04F30C23-46F8-4F58-807B-002C5E96B7F7", versionEndExcluding: "2.8.11.6", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "113E281E-977E-4195-B131-B7C7A2933B6E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con javax.swing.JEditorPane.", }, ], id: "CVE-2020-10969", lastModified: "2024-11-21T04:56:28.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-26T13:15:13.077", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2642", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2642", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", matchCriteriaId: "77F8EDB1-5890-4054-84FF-2034C7D2ED96", versionEndExcluding: "2.9.10.4", versionStartIncluding: "2.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97994257-C9A4-4491-B362-E8B25B7187AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*", matchCriteriaId: "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "5343F8F8-E8B4-49E9-A304-9C8A608B8027", versionEndIncluding: "2.9.0", versionStartIncluding: "2.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "46059231-E7F6-4402-8119-1C7FE4ABEA96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", matchCriteriaId: "526E2FE5-263F-416F-8628-6CD40B865780", versionEndIncluding: "8.2.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", matchCriteriaId: "987811D5-DA5E-493D-8709-F9231A84E5F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DB23B9A-571E-4B77-B432-23F3DC9B67D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E5416A1-EE58-415D-9645-B6A875EBAED2", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", versionEndIncluding: "8.2.2", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "021014B2-DC51-481C-BCFE-5857EFBDEDDA", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "37C8EE84-A840-4132-B331-C7D450B1FBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1D8436A2-9CA3-4C91-B632-9B03368ABC1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A00142E6-EEB3-44BD-AB0D-0E5C5640557F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "4A01F8ED-64DA-43BC-9C02-488010BCD0F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "75638A6A-88B2-4BC7-84EA-1CF5FC30D555", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1FBF422E-3F67-4599-A7C1-0E2E4224553A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "A8200D5C-D3C7-4936-84A7-37864DEEC62B", versionEndExcluding: "12.2.0.1.20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*", matchCriteriaId: "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "9F058FDA-04BC-4F32-830D-206983770692", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D635AE-5E4A-47FB-9FCA-D82D52A61367", versionEndExcluding: "9.2.4.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*", matchCriteriaId: "792DF04A-2D1B-40B5-B960-3E7152732EB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*", matchCriteriaId: "7DA6E92C-AC3B-40CF-96AE-22CD8769886F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*", matchCriteriaId: "378A6656-252B-4929-83EA-BC107FDFD357", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*", matchCriteriaId: "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*", matchCriteriaId: "F62A2144-5EF8-4319-B8C2-D7975F51E5FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", matchCriteriaId: "11DA6839-849D-4CEF-85F3-38FE75E07183", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", matchCriteriaId: "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", matchCriteriaId: "55AE3629-4A66-49E4-A33D-6D81CC94962F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", matchCriteriaId: "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", matchCriteriaId: "27C26705-6D1F-4D5E-B64D-B479108154FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).", }, { lang: "es", value: "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (también se conoce como openjpa).", }, ], id: "CVE-2020-11113", lastModified: "2024-11-21T04:56:49.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-31T05:15:13.117", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2670", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "cve@mitre.org", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/FasterXML/jackson-databind/issues/2670", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200403-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }